Hot!Windows 10 Always On VPN Configuration

Author
redparadox
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/02/04 05:26:03
  • Status: offline
2019/02/04 05:41:22 (permalink)
0

Windows 10 Always On VPN Configuration

As a stated direction, Microsoft is moving away from DirectAccess which we have used for many years in favor of Windows 10 Always on VPN.  In the example documentation from Microsoft all of the configurations use Windows RRAS and NPS.  I would rather use a Fortigate configuration, but I'm new to the platform and looking for some best practices and sample configurations for both the Fortigate and Windows 10 client side.
 
Specifically with DirectAccess there was an infrastructure tunnel established when the laptop booted using a machine certificate for authentication.  Windows 10 Always on VPN has a similar concept with Device + User Tunnel with split tunneling and I would like to continue that configuration.  Users have gotten used to just booting the laptop logging in via smartcard and they are in.
 
Any help or guidance on the Fortigate configuration to make this work would be much appreciated.
#1

5 Replies Related Threads

    diaoqh
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/03/11 21:06:01
    • Status: offline
    Re: Windows 10 Always On VPN Configuration 2019/03/11 21:08:18 (permalink)
    0
    Hey, redparadox,
     
    Have you got anybody replied to you? I am looking for the same solution...
     
    thanks 
     
    DD
    #2
    isamt
    Bronze Member
    • Total Posts : 29
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: Windows 10 Always On VPN Configuration 2019/12/12 02:23:13 (permalink)
    0
    This document from Fortinet explains the process:
     
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD41185
    #3
    aaron833
    New Member
    • Total Posts : 13
    • Scores: 4
    • Reward points: 0
    • Joined: 2017/08/11 10:46:05
    • Status: offline
    Re: Windows 10 Always On VPN Configuration 2020/06/15 14:59:51 (permalink)
    0
    isamt
    This document from Fortinet explains the process:
     
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD41185


    That document explains how to use FortiClient's "autoconnect" feature which is not the same as Microsoft's "Always on VPN".  
     
    I think the documentation you will need for Fortigate configuration when setting up Microsoft's Always on VPN is this:
    https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-ipsecvpn/L2TP_and_IPsec/L2TP_and_IPsec.htm
     
    I'm completely new to Always on VPN but am looking at implementing it.  I have been using FortiClient's "autoconnect" for myself and it works okay, but the FortiClient software itself is total garbage, (so too is EMS).  In the end I just want a seamless user experience and don't want to be constantly upgrading a VPN client.
    post edited by aaron833 - 2020/06/15 15:06:42
    #4
    sw2090
    Expert Member
    • Total Posts : 712
    • Scores: 50
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: Windows 10 Always On VPN Configuration 2020/06/16 00:10:00 (permalink)
    0
    p1/p2 auto negatiation plus DPD and NAT Keepalive might be helpful.
    #5
    Allroads_Support
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/07/09 21:35:41
    • Status: offline
    Re: Windows 10 Always On VPN Configuration 2020/07/09 21:53:33 (permalink)
    0
    +1. I am interested in a full guide also.
    I was speaking to a Fortinet Engineer (Technical Presales I think) then did some research.
    What I have found out so far.
    Apparently it needs to be an IKEv2 VPN. Device based, using Certificate for Authentication. It needs to be configured on the Windows device using PowerShell or MDM. Apparently now works for Windows 10 Pro as well.
    #6
    Jump to:
    © 2020 APG vNext Commercial Version 5.5