If there are concerns that someone might inadvertently
add other interfaces to the wf-vm-zone, clone the WildFire VM Interface
security policy and then, in the Action tab for the cloned rule,
select Deny. Make sure
this new security policy is listed below the WildFire VM interface
policy. This will override the implicit intra-zone allow rule that
allows communications between interfaces in the same zone and will
deny/block all intra-zone communication.