Hi all,

I've been tasked with implementing VPN connections for our remote users that improve on the existing SSL-VPN provision in a couple of ways.

1: We want the Windows-based clients to start their VPN connections on boot, before the user logs in, so that they have a connection in to our Windows domain controllers and the Windows clients can update their local info from the DC's prior to doing the login.

2: we want to implement MFA on our VPN connections using pre-existing Microsoft O365/AzureAD accounts as users are already extensively using this system elsewhere and we don't want to add yet another 2FA method (i.e. no fortitoken :D )

The problem is I don't even know what terminology I need to use to dig out relevant information from the Fortinet documentation site. I *think* I need to set up an IPSEC client vpn instead of the SSL-VPN they're already using, and deploy a different config on the Forticlient, but my searching has been fruitless thus far. Can someone point me in the right direction please?

Cheers,

Stacy