I am doing some penetration testing on my own network. Are there any tools resistant to MITM that I can experiment with?
SSLVPN - use a valid certificate trusted by connecting clients, users instructed to NEVER continue connecting if they get certificate warning.
IPSec - use cert-authentication (instead of PSK), never look back. Use DH groups and algorithms that are considered secure.
And you’re pretty much done.
(or did you mean you want to try doing MITM with your FGT against some traffic?)
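An added example, not part of any reply in this thread: a small Python check for the IPsec advice above (certificate authentication instead of PSK, secure DH groups and algorithms), run over a constructed FortiGate-style phase1 config. The tunnel names are made up, and the lists of weak groups and algorithms are an assumption following RFC 8247.

```python
import re

# Assumptions (not from the thread): DH groups 1, 2 and 5 and the DES/3DES/MD5
# proposals are treated as weak, following RFC 8247's IKEv2 guidance.
WEAK_DH = {"1", "2", "5"}
WEAK_ALGS = {"des", "3des", "md5"}

# Constructed sample in FortiGate phase1-interface syntax; names are made up.
SAMPLE = """\
config vpn ipsec phase1-interface
    edit "branch-psk"
        set authmethod psk
        set proposal 3des-md5 aes256-sha256
        set dhgrp 2 14
    next
    edit "branch-cert"
        set authmethod signature
        set proposal aes256-sha256
        set dhgrp 14
    next
end
"""

def audit_phase1(text):
    """Return {tunnel: [findings]} for each 'edit' entry in the config text."""
    findings, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            name = m.group(1)
            findings[name] = []
        elif name and line.startswith("set "):
            key, *values = line.split()[1:]
            if key == "authmethod" and values == ["psk"]:
                findings[name].append("pre-shared key authentication")
            elif key == "dhgrp":
                weak = sorted(WEAK_DH.intersection(values), key=int)
                if weak:
                    findings[name].append("weak DH group(s): " + " ".join(weak))
            elif key == "proposal":
                for prop in values:
                    if WEAK_ALGS.intersection(prop.split("-")):
                        findings[name].append("weak proposal: " + prop)
        elif line == "next":
            name = None
    return findings

if __name__ == "__main__":
    for tunnel, issues in audit_phase1(SAMPLE).items():
        print(tunnel, "->", issues or "ok")
```

The check only sees lines that are present, so feed it `show full-configuration` output rather than a plain `show`, which omits settings left at their defaults.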
All VPN protocols are resistant to MITM. Obviously PPTP is not to be even considered.
To add to this, it is usually very, very difficult to MITM a VPN connection because you need to know one or both endpoints’ keys (depends on the type of VPN and how it is configured). If you take SSL types, usually there is a server key and client key. If you can grab the server key, then why bother with a MITM? You have access to the server.
Nothing wrong with L2TP/IPsec
The IPSec part is important.