In order for the WiFi client to connect using its certificate a SSID has to be configured on the FortiGate to accept this type of authentication.
- Go to WiFi & Switch Controller > SSID and create an SSID with DHCP for clients.
- Set the following WiFi Settings, assigning the RADIUS Server configured earlier.
- Then go to WiFi & Switch Controller > FortiAP Profiles and edit your FortiAP default profile.
- Then go to Policy & Objects > IPv4 Policy and create a policy that allows outbound traffic from the EAP-TLS wireless interface to the Internet.
Select the new SSID for both Radio 1 and Radio 2.