VPN and Always-UP
I would like to configure Fortigate for always-up VPN connectivity like Direct Access with the VPN being initiated before the user has logged on to the laptop. Either secured by a valid certificate issued individually to each machine from our internal CA (we already issue certs for corporate wireless access so using the same computer cert would be helpful) or using Windows credentials + eventually some form of second factor. Of course it should be secure, but also convenient for the end user.
Does anyone know if this kind of scenario is supported?
And if yes, would you go down that road? I mean reagrding evntual issues with forticlient and installation of the same on Win10 machines.