mike_dp
New Member
June 3, 2016
Question

Extend dynamic VLANs SSID on a remote site with a FortiAP 14C


Hello,

I'm trying to extend my office private SSID, which uses dynamic VLANs (2 sub-interfaces under the SSID interface) to assign different policies to different groups (the authentication is made from Active Directory RADIUS), to a remote site (home, hotels, etc.) with a FortiAP 14C. I have a FortiGate 300D on OS 5.4 acting as the WIFI controller, the WAN interface accepts CAPWAP traffic, and my FortiAP has my FortiGate WAN IP in its setting for the remote controller. So my FortiAP connects to the FortiGate by CAPWAP tunneling over the Internet. I see the FortiAP 14C in my FortiAP devices in my FortiGate and I've authorized it, and the FortiAP is broadcasting the SSID like it should, but I can't connect to it. I always get an APIPA IP, and it's the same thing for the LAN ports of the FortiAP because the LAN ports are like the SSID. I've also done a packet trace on the WIFI main interface and it seems like the traffic goes to that interface instead of the sub-interfaces.

However, if I try to extend my public WIFI SSID, which doesn't use dynamic VLANs and uses a regular WIFI interface only, it works like a charm. I get my IP address and from remote it's like I'm sitting at the office using the public WIFI.

Has anyone ever tried to accomplish something like this? Maybe it's not possible to do this kind of setup with dynamic VLANs and I should just create a new interface dedicated to remote WIFI users.

Thank you,

1 reply

Bromont_FTNT
Staff
June 6, 2016

Not sure bridging LAN will work as you expect with dynamic VLAN. That said, wireless connections should work. Is the 14C using DTLS across the internet? Does it work OK with other APs or is it just an issue with the 14C?

mike_dp
Author
New Member
June 6, 2016

It works for my other SSID which doesn't use dynamic VLANs and uses a captive portal as authentication. I'm trying with clear text and not DTLS for testing purposes. I've only tried with one 14C since it works with my other SSID.

I think it doesn't work with dynamic VLAN or maybe there's something wrong with my authentication.

Thank you,

wanglei_FTNT
Staff
June 6, 2016

Please check that VLANs/DHCP servers are configured properly on your remote site, since the client will need to get IPs from the local DHCP server.

On the FAP (you can enable telnet from the FGT under wtp-profile, set allow access ...), use the sta command to see whether the client is assigned to the right VLAN.