Windows 10 Always On VPN Configuration
As a stated direction, Microsoft is moving away from DirectAccess, which we have used for many years, in favor of Windows 10 Always On VPN. In the example documentation from Microsoft, all of the configurations use Windows RRAS and NPS. I would rather use a FortiGate configuration, but I'm new to the platform and looking for some best practices and sample configurations for both the FortiGate and Windows 10 client side.
Specifically, with DirectAccess there was an infrastructure tunnel established when the laptop booted, using a machine certificate for authentication. Windows 10 Always On VPN has a similar concept with Device + User Tunnel with split tunneling, and I would like to continue that configuration. Users have gotten used to just booting the laptop, logging in via smartcard, and they are in.
Any help or guidance on the FortiGate configuration to make this work would be much appreciated.