If you want to inspect the traffic of source system , then install the certificate on source system , I hope as per your comment, source system belongs to users_lan, then you should install certificate on respective source system.
And if you want to inspect all traffic, then you can use deep inspection certificate.
Also please make sure the certificate you use for deep packet inspection should be trusted by client or issue by CA which is trusted by clients and servers. Otherwise you might face issues for SSL because of untrusted cert.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.