By default, all intrazone traffic (source and destination in the same zone) is allowed. After the firewall evaluates Security policy, it allows traffic that matches an application whitelist rule, denies traffic that matches a block rule, and, if intrazone traffic matches no rule, allows it by default through the intrazone-default rule. (The firewall blocks interzone traffic by default.) Because data center assets are so valuable, the best practice is to monitor all traffic inside the data center between data center servers, including traffic allowed by the intrazone default allow rule.
To gain visibility into this traffic, enable logging on the intrazone-default rule when it applies to traffic within zones inside the data center. Logging this traffic gives you the opportunity to examine access that you have not explicitly allowed and that you may want to either explicitly allow by modifying a whitelist rule or explicitly block.
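Once the intrazone-default rule is logging, the review step is to pull out the sessions that were allowed only by that rule inside the data center zones and group them into flows that each need a decision (explicit whitelist rule or explicit block rule). The script below is an added example, not code from the vendor documentation; the CSV layout and column names are a simplified, constructed stand-in for a real traffic log export, and the zone names (`dc-web`, `dc-db`, `dc-app`, `users`) and rule names are assumptions.

```python
"""Triage traffic log entries that hit the intrazone-default rule.

Added example. The log format below is a constructed, simplified CSV and is
not the firewall's real export format; the zone and rule names are assumptions.
"""
import csv
from collections import Counter
from io import StringIO

# Constructed sample: a header plus a few session records. Real exports carry
# many more columns; only the fields needed for the review are kept here.
SAMPLE_LOG = """\
receive_time,rule,from_zone,to_zone,src,dst,dport,app,action
2024-01-10 09:00:01,allow-web-to-db,dc-web,dc-db,10.1.1.10,10.1.2.20,3306,mysql,allow
2024-01-10 09:00:05,intrazone-default,dc-db,dc-db,10.1.2.20,10.1.2.21,22,ssh,allow
2024-01-10 09:00:09,intrazone-default,dc-db,dc-db,10.1.2.22,10.1.2.21,22,ssh,allow
2024-01-10 09:00:12,intrazone-default,dc-web,dc-web,10.1.1.10,10.1.1.11,445,ms-ds-smb,allow
2024-01-10 09:00:15,intrazone-default,users,users,10.9.0.5,10.9.0.6,445,ms-ds-smb,allow
2024-01-10 09:00:20,block-all,users,dc-db,10.9.0.5,10.1.2.20,3306,mysql,deny
"""

# Data center zones whose intrazone-default hits should be reviewed (assumed names).
DC_ZONES = {"dc-web", "dc-db", "dc-app"}


def parse_traffic_log(text):
    """Parse the constructed CSV into a list of dicts, one per session."""
    return list(csv.DictReader(StringIO(text)))


def intrazone_default_hits(records, dc_zones):
    """Return sessions that were allowed only by the intrazone-default rule in a DC zone.

    A session qualifies when the rule name is 'intrazone-default', the source and
    destination zones are the same, and that zone is a data center zone. Interzone
    sessions are excluded (they match explicit rules or the interzone default deny),
    and intrazone hits outside the data center are out of scope for this review.
    """
    hits = []
    for r in records:
        if r["rule"] != "intrazone-default":
            continue
        if r["from_zone"] != r["to_zone"] or r["from_zone"] not in dc_zones:
            continue
        hits.append(r)
    return hits


def summarize_by_flow(hits):
    """Count hits per (zone, app, dport) so each unexplained flow gets one decision.

    Every key is a candidate for either an explicit whitelist rule (the access is
    legitimate) or an explicit block rule (it is not).
    """
    return Counter((h["from_zone"], h["app"], h["dport"]) for h in hits)


def zones_without_hits(hits, dc_zones):
    """Data center zones that show no intrazone-default hits in the log window.

    Either no session in that zone relied on the default rule, or the rule is not
    logging yet; if no zone shows hits at all, confirm logging is enabled.
    """
    seen = {h["from_zone"] for h in hits}
    return sorted(dc_zones - seen)


if __name__ == "__main__":
    records = parse_traffic_log(SAMPLE_LOG)
    hits = intrazone_default_hits(records, DC_ZONES)
    for (zone, app, port), n in summarize_by_flow(hits).most_common():
        print(f"{zone:8} {app:12} port {port:<6} {n} session(s) allowed by intrazone-default")
    for zone in zones_without_hits(hits, DC_ZONES):
        print(f"no intrazone-default hits for {zone}; check that the rule is logging")
```

On the sample above the review lists `ssh` between the two database servers and SMB between the two web servers as flows that currently rely on the default allow; the SMB session in the `users` zone is ignored because that zone is not part of the data center. `zones_without_hits` is the sanity check for the logging change itself: a zone that never appears in the output may simply have had no such traffic, but if every data center zone is missing, the rule is probably not logging.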