By default, all intrazone traffic (source
and destination in the same zone) is allowed. After the firewall evaluates
Security policy, it either allows traffic controlled by application
allow list rules, denies traffic controlled by block rules, or if
intrazone traffic matches no rules, the firewall allows it by default.
(The firewall blocks interzone traffic by default.) Because of the
valuable nature of data center assets, the best practice is to monitor
all traffic inside the data center between data center servers,
including traffic allowed by the intrazone default allow rule.
To gain visibility into this traffic, enable logging on the intrazone-default
rule where it applies to traffic within zones inside the data center.
Logging this traffic lets you examine access that you have not explicitly
allowed and decide, per flow, whether to explicitly allow it by modifying an
allow rule or to explicitly block it.
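The review step described above, as an added example (not Palo Alto Networks' code): a small Python script that reads an exported traffic log, keeps only sessions that were allowed by the intrazone-default rule inside the data-center zones, and groups them by zone, application and port so each flow type can be decided once (explicit allow or explicit block). The CSV column names, the zone names `DC-Web`/`DC-DB` and the sample log lines are constructed assumptions.

```python
"""Review traffic-log entries allowed only by the intrazone-default rule.

Added example, not vendor code. Assumes a CSV export with the column names
used below; the sample rows are constructed for illustration.
"""
import csv
from collections import Counter
from io import StringIO

# Constructed sample export (assumed column names and zone names).
SAMPLE_LOG = """\
receive_time,from_zone,to_zone,src,dst,dport,app,rule,action
2024-01-01 10:00:00,DC-Web,DC-Web,10.1.1.10,10.1.1.11,22,ssh,intrazone-default,allow
2024-01-01 10:00:05,DC-Web,DC-DB,10.1.1.10,10.2.2.20,3306,mysql,web-to-db,allow
2024-01-01 10:00:09,DC-DB,DC-DB,10.2.2.20,10.2.2.21,3306,mysql,intrazone-default,allow
2024-01-01 10:00:12,DC-Web,DC-Web,10.1.1.12,10.1.1.11,22,ssh,intrazone-default,allow
2024-01-01 10:00:15,Users,Users,192.168.1.5,192.168.1.9,445,ms-ds-smb,intrazone-default,allow
"""

# Zones considered part of the data center (assumed names).
DATA_CENTER_ZONES = {"DC-Web", "DC-DB"}


def intrazone_default_hits(csv_text, dc_zones=DATA_CENTER_ZONES):
    """Return the rows that hit intrazone-default inside a data-center zone."""
    hits = []
    for row in csv.DictReader(StringIO(csv_text)):
        if row["rule"] != "intrazone-default":
            continue  # matched an explicit rule; nothing to review here
        if row["from_zone"] != row["to_zone"]:
            continue  # defensive: intrazone-default only matches same-zone traffic
        if row["from_zone"] not in dc_zones:
            continue  # traffic outside the data center is out of scope
        hits.append(row)
    return hits


def summarize(hits):
    """Count hits per (zone, app, dport) so each flow type is decided once."""
    return Counter((h["from_zone"], h["app"], h["dport"]) for h in hits)


if __name__ == "__main__":
    for (zone, app, port), count in summarize(
        intrazone_default_hits(SAMPLE_LOG)
    ).most_common():
        # Each line is a candidate for an explicit allow rule or an explicit block.
        print(f"{zone:8} {app:12} port {port:>5}  sessions={count}")
```

Run against a real export, each summary line is one decision to make: add the flow to an explicit allow rule, or add an explicit block rule, so that over time nothing in the data center is left riding on the intrazone default.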