Hi,
What is the purpose of the source zone and destination zone when creating a new firewall rule group?
My first thought was that it would serve as a sort of 2-level match: first match the source and destination zones as defined in the group, and if they match, scan through the rules inside of it; if not, go to the next group. However, a simple test seems to have failed in this regard. The setup was:
New group, source zone = LAN1, destination zone = WAN
Inside this group: rule 1: source zone = LAN1, destination zone = WAN, apply web filtering
rule 2: source zone = LAN2, destination zone = WAN, apply web filtering
Rule under the group:
rule 3: source zone = LAN2, destination zone = WAN, no web filtering
Expected result: traffic from zone LAN2 is not filtered (does not hit Group due to mismatching zones, so hits rule 3).
Actual result: traffic from zone LAN2 was filtered (hit rule 2).
Thanks!
Steven.