Troubleshooting Tip: ZTNA HTTPS proxy GUI duplicate entry error when adding server mapping (a duplicate entry already exists)

FortiGate devices which are configured with ZTNA HTTPS Proxy rules may experience this error where they have multiple FQDN-based server mappings defined under a single ZTNA server object. 

The error in question looks like this:

When manually configuring the same setup in the CLI, the error does not occur and the configuration changes go through without any problems. Try using this method to work around the issue.

The following is an example configuration:

config firewall access-proxy
    edit "ZTNA HTTPS Proxy"
        set vip "ZTNA HTTPS Proxy"
            config api-gateway
                edit 1
                    set virtual-host "vHost"
                        config realservers
                            edit 1
                                set ip x.x.x.x
                            next

                        end

                    next
                end

After adding or deleting on CLI no errors will appear but while on GUI the above error will interrupt the config change. This issue is caused by an internal GUI validation and state-handling defect in specific FortiOS versions, where the ZTNA server mapping form incorrectly detects duplicate url-map entries and improperly updates cached configuration data when exiting the edit page without saving.

The workaround is to perform the change on configuration with CLI.

The fix for this issue is being shared on the FortiOS version 7.4.9 build 2825 and 7.6.5 build 3635.

If the issue appears while remaining on the fixed version, it is recommended to report the issue to the Fortinet Technical Support team to troubleshoot further.