It's likely the LaunchDaemon is running one part of the Forticlient process, and the LaunchAgent is running something user facing, like the icon at the top of the toolbar that you referenced in your first post.
So, if you need to relaunch the LaunchAgent, the above launchctl load code by itself isn't going to work when run from a policy, because policies run as root, and it would attempt to load the LaunchAgent in the root account space, which it can't do.
For this, I would use launchctl asuser, possibly first to see if the agent is running, and then to launch it if it's not already running and needs to be.
Here's a sample script, but you will need to determine the exact process name that shows up in the command line and plug that in, as well as the LaunchAgent file name. I don't use Forticlient so I don't know what either of those are. Is the FortiClientAgent name in your screenshot the actual user facing process? If so, you would use that in the ForticlientProcess section below.
#!/bin/bash
## Get logged in user and UID
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)
## Put the name of the process you want to check on here. Do "ps axc" in Terminal to look for the name
ForticlientProcess="FortiClientProcess"
## Put the LaunchAgent plist path and name here
ForticlientAgentPlist="/Library/LaunchAgents/com.something.plist"
if [ "$loggedInUser" != "root" ]; then
echo "A user is logged in. Checking for agent process..."
## Check for agent as user
FCProcCheck=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser ps axc | grep "$ForticlientProcess" 2>&1 >/dev/null; echo $?)
if [ "$FCProcCheck" != 0 ]; then
echo "Agent is not running. Reloading..."
/bin/launchctl asuser $loggedInUID /bin/launchctl unload "$ForticlientAgentPlist"
/bin/launchctl asuser $loggedInUID /bin/launchctl load "$ForticlientAgentPlist"
else
echo "Agent process is running. Nothing to do."
exit 0
fi
else
echo "No-one logged in. Cannot check on agent process."
exit 0
fi
