Interesting. I'm about to configure a hub with many spokes as well. I did not know that it wasn't a good practice to deploy SD-WAN in the hub. Can you let me know where you found this information? also, are you looking at configuring AD-VPN?
The following KB article has some good information.
Do you have much spoke to spoke traffic, if it's very limited do you need advpn. Asking myself this question at the moment and I think the answer for me is no, apart from an odd phone call, no traffic between spokes.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.