Thanks for your response, actually the RADUIS serv can respond to ICMP if ICMP works then authenticate will work as well, the weird thing is I can ping all the net except the radius subnet which is third-party server.
Note that ICMP and RADIUS (udp) are unrelated. ICMP is for testing the network generally. The server may really reject ping unless setup to allow it and RADIUS - then yes, fixing ping will also allow RADIUS traffic to arrive at that box.
Its the best if you can provide simple network diagram for this issue.
By default, windows firewall block ping. You may consider to disable Windows firewall on the radius server 1st.
From Guest_wifi interface, you able to ping all the net, but not Radius server. Is the Radius server sit on different network? Or same network? Are you able to ping the Radius server from same network?
This information will help to troubleshoot further.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.