If you confirmed that FortiClient received the Remote access profile updates from EMS and that you can establish the tunnel manually, verify the configuration by doing the following.
diagnose debug application fnbamd -1debugs on the FortiGate.
- Restart the Windows computer.
- If upon restart, no debugs appear, the device has not attempted VPN connection.
- On EMS, edit the Remote Access profile currently assigned to the endpoint policy.
- In XML view, verify under the global
<on_os_start_connect>is configured and assigned the machine-cert-vpn-auto tunnel.