Hi, I am wondering where and how zone protection profiles are applied to. I figure if I attach a zone protection profile to a zone, all resources behind that zone are under protection. But let's take the following example: * one interface connected to internet (zone: untrust) * one interface connected to internal LAN (zone: trust) * several interfaces for different DMZs (zone: dmz) Now if I want to protect my DMZ, do I apply the zone protection to the DMZ zone or to the untrust zone? There are actually no resources connected directly to the untrust zone, but I would believe that protecting the untrust zone would automatically protect all zones behind the untrust zone, including DMZ and trust. Am I right with this assumption? In this scenario, why would I still apply different zone protection profiles to DMZ and trust? How does traffic flow relate to zone protection? Thanks zone
... View more