Hi,
I have 3 different security zones. CORP, WAN and SECRET.
I want to be able to pass traffic between CORP and SECRET and between CORP and WAN but not between WAN and SECRET. Each zone has an interface.
I have my zones setup. I was hoping to test the policies by generating a ping packet from the interface of each zone to all other zones. I had expected the ping between WAN and SECRET to fail but it doesn't.
Does traffic generated at the SRX interface still pass through the zone firewall or only if it originates outside the interface?
Thanks