This can happen if a user suddenly decides to add a couple of VLAN interfaces or interfaces and congregate them into a single interface zone. Configuring interface zones allows for ease of interface management and creation/automation of dynamic objects in FortiManager.

The most common reason a logical/physical interface or VLAN interface cannot be added into interface zone is because the interface already has references: specifically, references in the firewall policies.

The screenshot here shows 2 VLAN interfaces.

VLAN interface 8zone does not have any Reference:

However, VLAN interface 9zone is applied on a firewall policy:

Check whether the interfaces are already used in firewall policies. If they are, it will be necessary to remove the interface from the respective firewall policies before being able to add the interface into the interface zone.

As visible here, the interface that is not referred to in the firewall policy is visible for selection:

The interface 9 zone is not available for selection here.

For a VPN interface, the behavior is the same.

If a VPN is created by any template, it will have a policy created. Due to this, it will not be possible to see it on the list. Refer to the screenshot shown below. 

It is necessary to remove the firewall policy (references). After, it will be possible to add the interface.

It is not possible to see the VPN interface while adding it to the zone:

Once the reference has been removed, it will look like this:

Note:

• An interface cannot be added to multiple zones. It can only be added to one zone. 
• For detailed instructions on how to remove interfaces from a hardware switch, see Removing interfaces from the hardware switch.