Sorry for late response as I was on medical for past few weeks.
So as per my understanding, your AP is not joining vSZ controller.
Try below to troubleshoot the issue:
1- Is the controller on same site as firewall or on different site?
2- I can see in network diagram that controller has an IP 192.168.0.2, may I know why you are pointing AP to firewall IP?
3- If AP and vSZ and firewall on same site, than to make things easy, enable the interVLAN routing between AP and vSZ VLAN, so that AP can directly reach controller.
4- Is there any IP mapping (NAT) on your firewall for vSZ?
5- Make sure APs has network connectivity with vSZ IP. Try pinging controller IP from AP.
6- Make sure port 22 and 443 is not blocked between AP to controller network path, in firewall.
7- Is the AP even discovering on controller?
8- Check and make sure you have enough AP licenses on vSZ.
Syamantak Omer | Community moderator | Sr.Staff TSE | CWNA | CCNA | RASZA | RICXI