Description |
This article describes why the error <504 Gateway Timeout: remote server did not respond to the proxy> occurs and how to fix it. |
Scope | FortiGate. |
Solution |
As shown in the attached image, the following error appears when the user tries to access the ZTNA HTTP/HTTPS access proxy.
The error 504 Gateway Timeout: remote server did not respond to the proxy occurs because, in the ZTNA Servers configuration under Service/Server Mapping, the Service is set to HTTPS while the Server port is configured as 80. Port 80 is the HTTP port on which the server receives the proxied traffic from FortiGate.
The same can be validated in the Wireshark packet capture taken for the HTTPS ZTNA traffic initiated from the remote end user:
In the packet capture, the FortiGate <source IP 172.16.1.1> completes the TCP 3-way handshake with the real server <destination IP 172.16.1.3> in packets <91-93>. After that, the client sends packet <94> over the established TCP connection. Although Wireshark labels the packet as 'HTTP', its content starts with the bytes 16 03 03 01 ..... These bytes mark the beginning of a TLS record (the 'Content Type' value 0x16 corresponds to a 'Handshake' message):
In packet <95>, the server responds with HTTP code 400, which means the server could not process the request.
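The same check can be scripted against payload bytes exported from a capture. The following is an added example, not Fortinet code and not part of the original article; the function names and the sample payloads are assumptions constructed for illustration, modeled on packets 94 and 95 described above.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")
TLS_HANDSHAKE = 0x16  # TLS record content type "Handshake"


def classify_payload(data: bytes) -> dict:
    """Classify the first bytes of a TCP payload as TLS, HTTP, or unknown."""
    if len(data) >= 5 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        # TLS record header: type (1 byte), version (2 bytes), length (2 bytes)
        _, major, minor, length = struct.unpack("!BBBH", data[:5])
        info = {"kind": "tls-handshake", "record_version": (major, minor),
                "record_length": length}
        # First byte of the handshake body is the message type; 0x01 = ClientHello
        if len(data) > 5:
            info["client_hello"] = data[5] == 0x01
        return info
    if data.startswith(HTTP_METHODS):
        return {"kind": "http-request"}
    if data.startswith(b"HTTP/1."):
        parts = data.split(b"\r\n", 1)[0].split(b" ")
        status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        return {"kind": "http-response", "status": status}
    return {"kind": "unknown"}


def diagnose(to_server: bytes, from_server: bytes) -> str:
    """Compare what the proxy sent with what the real server answered."""
    sent, reply = classify_payload(to_server), classify_payload(from_server)
    if sent["kind"] == "tls-handshake" and reply["kind"] == "http-response":
        return ("mismatch: TLS handshake sent to a plaintext HTTP listener "
                f"(server answered HTTP {reply['status']})")
    if sent["kind"] == "http-request" and reply["kind"] == "http-response":
        return "ok: plaintext HTTP on both sides"
    return f"inconclusive: sent={sent['kind']} reply={reply['kind']}"


# Constructed sample payloads (not taken from the article's capture).
# Packet 94 analogue: record header 16 03 03 01 00, then handshake type 0x01.
SAMPLE_TO_SERVER = bytes.fromhex("1603030100" "01") + b"\x00" * 16
# Packet 95 analogue: the server's plaintext rejection.
SAMPLE_FROM_SERVER = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    print(classify_payload(SAMPLE_TO_SERVER))
    print(diagnose(SAMPLE_TO_SERVER, SAMPLE_FROM_SERVER))
```

A "mismatch" result on traffic sent to port 80 corresponds to the Service/Server Mapping condition described above, where the Service is HTTPS but the real server listens for plain HTTP.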
Change the Service type to HTTP to resolve the error, as shown in the image:
After changing the service to HTTP, the website opens or the resource is accessible:
|