it should work. Some requirements and notes on how we got it working:
- Any Network must be included in the gateway's VPN site
- CA that has signed the gateway certificate must be imported to Windows certificate store under 'Third-party root certificates'
- IKEv2 should be used
- EAP-MSCHAPv2 should be used for authentication; authentication should be done against an external LDAP (e.g. AD)
At least with Mac/iOS VPN, the server name you choose in the client must also match the gateway's endpoint Phase-1 ID. The same might also have been required by Windows. Support can also provide you with an illustrated document with instructions if you open a ticket.
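
A sketch of the Windows client side of the requirements listed above, as an added example that is not part of the original post or the vendor's document. The CA file path, server name and connection name are placeholders, and the machine-wide store is an assumption; run it from an elevated PowerShell session.

```powershell
# Placeholder values (assumptions, not from the post): replace with your own.
$CaFile     = 'C:\Temp\gateway-ca.cer'   # CA that signed the gateway certificate
$ServerName = 'vpn.example.com'          # should match the gateway's endpoint Phase-1 ID
$ConnName   = 'Gateway IKEv2'

# 1. Trust the signing CA. Cert:\LocalMachine\AuthRoot is the
#    "Third-Party Root Certification Authorities" store.
$ca = Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\AuthRoot
Write-Host "Imported CA: $($ca.Subject)  Thumbprint: $($ca.Thumbprint)"

# 2. With no parameters, New-EapConfiguration produces an EAP-MSCHAPv2
#    configuration, which is the method the post calls for.
$eap = New-EapConfiguration

# 3. Create the IKEv2 connection with EAP authentication. Split tunneling is
#    left at its default (off) so all traffic is sent through the tunnel.
Add-VpnConnection -Name $ConnName `
    -ServerAddress $ServerName `
    -TunnelType Ikev2 `
    -AuthenticationMethod Eap `
    -EapConfigXmlStream $eap.EapConfigXmlStream `
    -EncryptionLevel Required

# 4. Confirm what was actually stored before the first connection attempt.
Get-VpnConnection -Name $ConnName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel, SplitTunneling
```

If the connection fails with a certificate error, compare `$ServerName` with the name in the gateway certificate and confirm the imported thumbprint is the CA that issued it.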
I will do the configuration over the next couple of days. When it's up and running, I can publish my documentation here.