If there are concerns that someone might inadvertently
add other interfaces to the wf-vm-zone, clone the WildFire VM Interface
security policy and then in the Action tab for the cloned rule, select
Deny. Make sure this new security policy is listed below the WildFire
VM interface policy.
This will override the implicit intra-zone allow rule that allows
communications between interfaces in the same zone and will deny/block
all intra-zone communication.