I would like to configure Always On VPN with device tunnels as a DA replacement.
When looking at the documentation here, it seems to focus on IKEv2 and user tunnels.
If I follow the documentation for the supporting infrastructure with respect to the certificate templates for NPS, users and servers, will this support device tunnels, or is there additional configuration (additional certificate templates?) required here?
Also, if I want to use SSTP instead of IKEv2 for the ease of load balancing and fewer restrictions for travelers, is that documented anywhere? How would I go about using SSTP instead of IKEv2? I'm not asking how to load balance, but more so, how to configure SSTP instead of IKEv2.
At the end of the day, I am trying to accomplish having Always On VPN with SSTP with user and device tunnels to replace DirectAccess.
All I can find online for documentation seems to be the official documentation I linked to above and a few blog posts that do not really touch on device tunnels.
https://www.cyberdrain.com/deploying-auto-vpn-or-always-on-vpn/
https://www.petenetlive.com/KB/Article/0001403
I am leaning towards following the cyberdrain guide as it touches on SSTP and makes it sound like it covers device tunnels as well. But I have no confirmation that device tunnels will work using his guide.