Traffic that doesn’t match any of the Security
policy rules you configure matches the predefined interzone-default
rule at the bottom of the rulebase and is denied. To gain visibility into
traffic that doesn’t match a rule you explicitly configured, enable
logging on the interzone-default rule. Logging this traffic gives
you the opportunity to examine access attempts that you have not
explicitly allowed, which may identify attack attempts or traffic
for which you want to modify a whitelist rule to allow.