This guide describes how to configure SSL-VPN certificate authentication so that both user and computer certificates can be matched against LDAP.
Refer to the cookbook below for the detailed setup of 'SSLVPN with LDAP-integrated certificate authentication'.
FortiGate LDAP matches a certificate based on its SAN, and at the time of writing it only supports the UPN name. This works for user certificates because the LDAP user attribute contains the UPN.
The LDAP computer attribute does not contain a UPN, so in order to match both user and machine certificates it is necessary to use sAMAccountName as the matching attribute.
This is configured under 'config user ldap', as in the example below:
config user ldap
    edit "<ldap-server-name>"
        set server "172.18.60.206"
        set cnid "cn"
        set dn "dc=fortinet-fsso,dc=com"
        set type regular
        set username "cn=admin,ou=testing,dc=fortinet-fsso,dc=com"
        set password <ldap-server-password>
        set account-key-filter "(&(sAMAccountName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    next
end
The FortiGate substitutes the account key taken from the certificate for %s. The second clause of the filter uses the LDAP bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) to exclude any account whose userAccountControl has the ACCOUNTDISABLE bit (2) set, so a certificate that is otherwise valid is still rejected once the account is disabled in Active Directory.
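As an added illustration that is not part of the original article or of FortiOS, the following Python script parses the account-key-filter above, substitutes a certificate-derived key for %s and evaluates it against constructed directory entries, showing that the bit-AND clause rejects accounts with the ACCOUNTDISABLE bit (0x2) set. The way the key is derived from the certificate SAN (user part of a UPN, or the value as-is for a computer account name) is an assumption made for this example, not something the page specifies.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND (extensible-match rule)
# The page's account-key-filter; the FortiGate substitutes the certificate-derived key for %s
ACCOUNT_KEY_FILTER = f"(&(sAMAccountName=%s)(!(userAccountControl:{BIT_AND}:=2)))"

# Constructed sample entries standing in for LDAP search results (not real directory data);
# userAccountControl bit 0x2 is ACCOUNTDISABLE, so 514 = 512|2 and 4098 = 4096|2 are disabled
DIRECTORY = [
    {"sAMAccountName": "alice", "userAccountControl": 512},   # enabled user
    {"sAMAccountName": "bob",   "userAccountControl": 514},   # disabled user
    {"sAMAccountName": "PC01$", "userAccountControl": 4096},  # enabled workstation
    {"sAMAccountName": "PC02$", "userAccountControl": 4098},  # disabled workstation
]

def parse(s, i=0):
    """Parse the filter subset used here: (&...), (!...), (attr=value), (attr:oid:=value)."""
    i += 1                                   # consume '('
    if s[i] in "&!":
        op, items, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = parse(s, i)
            items.append(node)
        return (op, items), i + 1            # consume ')'
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    m = re.fullmatch(r"([^:]+):([0-9.]+):", attr)   # extensible match: attr:OID:=value
    node = ("ext", m.group(1), m.group(2), value) if m else ("eq", attr, value)
    return node, end + 1

def evaluate(node, entry):
    """Evaluate a parsed filter against one entry (a dict of attribute values)."""
    kind = node[0]
    if kind == "&":
        return all(evaluate(n, entry) for n in node[1])
    if kind == "!":
        return not evaluate(node[1][0], entry)
    if kind == "eq":
        return str(entry.get(node[1], "")).lower() == node[2].lower()
    _, attr, oid, value = node
    if oid != BIT_AND:
        raise ValueError(f"unsupported matching rule {oid}")
    return (int(entry.get(attr, 0)) & int(value)) == int(value)  # all requested bits set

def account_key(san_value):
    """Assumption: a UPN's user part is the key; any other value (e.g. 'PC01$') is used as-is."""
    return san_value.split("@", 1)[0]

def lookup(san_value):
    """Return the sAMAccountName values the filter accepts for this certificate key."""
    tree, _ = parse(ACCOUNT_KEY_FILTER % account_key(san_value))
    return [e["sAMAccountName"] for e in DIRECTORY if evaluate(tree, e)]
```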