Need help to connect 10 FortiAPs to Cisco switch which is connected to my firewall Fortinet 100F
Hi,
I am trying on my own to figure out how to replace my existing APs with FortiAPs 431F. I am planning to replace all the switches, which are Cisco and some are HP, in the short run, but for now I am just replacing the APs.
It is a live network and I am very cautious as each time I am trying something I am doing a backup.
I can see the SSID on my phone and laptop but I cannot connect. When I try to connect it shows "Connecting" and then "Couldn't get an IP address".
Can anyone guide me where to start checking and what to check, please?
Thanks
Tazio
Hi Tazio
I guess you configured the SSID in bridge mode.
If you want it simpler, then try creating the SSID in tunnel mode and configure DHCP for this SSID, and it should work without issue.
Hi Aek,
I configured the SSID in Tunnel mode and DHCP has been configured too.
Thanks
Tazio
Just tell us your intention of design, bridge mode (sharing the LAN subnet with wired devices) or tunnel mode (a separate subnet from LAN), and your GUI view for 1) Managed APs, and 2) SSID (edit interface) config.
Toshi
Hello Toshi,
I want to use Tunnel mode.
Please see attached pictures. I can see one client with a 169 IP address.
Thanks
Tazio
The config looks fine by itself. Security Fabric is not necessary for the SSID interface though. It's needed on the management interface for the FAP, "Local_Lan". But since the FAP is online you configured it there.
Only concern is if you configured DNS server with "forward-only" mode on the "FORTINETSSID" interface, since you set the client's DNS server to be "Same as Interface IP". I wouldn't think this would cause clients not to receive a DHCP IP as well as DNS server IP as 172.254.1.1. But it would drop the wifi connection shortly after, when the client finds out the DNS server is not working since you didn't configure it properly.
If not sure, try changing it to "Specify" with something like 8.8.8.8/8.8.4.4 to see if it makes any difference.
Toshi
Thank you very much for your support.
I tried what you requested but unfortunately it did not help.
Please see attached pictures.
Thanks
Tazio
I didn't request but suggested. "forward-only" mode is under DNS services when you enabled "DNS database" feature at System->Feature Visibility in GUI. CLI is much easier. If you don't want to deal with them just don't use the interface IP as client's DNS server IP. Choose either the system DNS or specify.
Anyway, then it's time you need to dig in to debugging. First, run sniffer to see if DHCP requests are arriving and your FGT is responding at FORTINETSSID interface. Below is my 40F with a FAP SSID interface fap221b (actual fap is not 221b though) received and replied to a DHCP request from a wifi client. Can you see the same?
fg40f-utm (root) # diag sniffer packet any 'udp and port 67' 4 0
interfaces=[any]
filters=[udp and port 67]
5.079051 fap221b in 0.0.0.0.68 -> 255.255.255.255.67: udp 361
5.080258 fap221b out 192.168.5.1.67 -> 192.168.5.3.68: udp 335
^C
2 packets received by filter
0 packets dropped by kernel
Toshi
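As an added example (not part of Toshi's post and not Fortinet tooling), the sniffer check above can be scripted: the Python below parses saved `diag sniffer packet any 'udp and port 67' 4 0` output and reports, for one SSID interface, whether client requests arrived and whether the FortiGate replied. The function names are hypothetical, POST_CAPTURE is the capture from the post, and FAILING_CAPTURE is constructed for illustration.

```python
import re
from collections import defaultdict

# Verbosity-4 line: "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: udp <len>"
LINE = re.compile(
    r"^\s*\d+\.\d+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"\d+(?:\.\d+){3}\.(?P<sport>\d+)\s+->\s+"
    r"\d+(?:\.\d+){3}\.(?P<dport>\d+):\s+udp\s+\d+"
)

# Capture shown in the post (working case on interface fap221b).
POST_CAPTURE = """\
interfaces=[any]
filters=[udp and port 67]
5.079051 fap221b in 0.0.0.0.68 -> 255.255.255.255.67: udp 361
5.080258 fap221b out 192.168.5.1.67 -> 192.168.5.3.68: udp 335
2 packets received by filter
"""

# Constructed sample: requests arrive on the SSID interface, nothing goes out.
FAILING_CAPTURE = """\
1.100000 FORTINETSSID in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
4.200000 FORTINETSSID in 0.0.0.0.68 -> 255.255.255.255.67: udp 300
"""

def dhcp_summary(capture):
    """Count DHCP client requests (in, 68->67) and server replies (out, 67->68) per interface."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, ^C, packet counters
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["dir"] == "in" and (sport, dport) == (68, 67):
            stats[m["iface"]]["requests"] += 1
        elif m["dir"] == "out" and (sport, dport) == (67, 68):
            stats[m["iface"]]["replies"] += 1
    return dict(stats)

def diagnose(capture, ssid_iface):
    """Report where the DHCP exchange stops on the given SSID interface."""
    s = dhcp_summary(capture).get(ssid_iface, {"requests": 0, "replies": 0})
    if s["requests"] == 0:
        return "no-requests"  # no client DHCP packets seen on this interface
    if s["replies"] == 0:
        return "no-replies"   # requests seen, no DHCP answer sent out
    return "answered"         # request and reply both seen

if __name__ == "__main__":
    print(diagnose(POST_CAPTURE, "fap221b"), diagnose(FAILING_CAPTURE, "FORTINETSSID"))
```
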
