Information
This ensures that only specific, authorized traffic is allowed between networks in the same zone.
Rationale:
This adds an extra layer of protection between different networks.
Solution
In this example, we'll turn off intra-zone traffic in the zone DMZ.
In CLI:
FGT1 # config system zone
FGT1 (zone) # edit DMZ
FGT1 (DMZ) # set intrazone deny
FGT1 (DMZ) # end
FGT1 #
In the GUI, click on Network -> Interfaces, select the zone, click 'Edit', and turn on 'Block intra-zone traffic'.
Default Value:
By default, intra-zone traffic is blocked.
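An audit check for this setting, as an added example that is not part of the original text: it parses a saved FortiOS configuration and lists the zones where intra-zone traffic is not blocked. The sample configuration and the function name are constructed for illustration, and treating a zone with no `set intrazone` line as `deny` is an assumption based on the default stated above.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system interface
    edit "port1"
        set alias "intrazone allow"
    next
end
config system zone
    edit "DMZ"
        set intrazone deny
        set interface "port2" "port3"
    next
    edit "LAN"
        set intrazone allow
        set interface "port4" "port5"
    next
    edit "GUEST"
        set interface "port6"
    next
end
'''

def zones_allowing_intrazone(config_text):
    """Return the names of zones whose intra-zone traffic is not blocked."""
    in_zone_section = False
    depth = 0          # nesting level of config ... end blocks
    zone = None
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0:
                in_zone_section = line == "config system zone"
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_zone_section = False
        elif in_zone_section and depth == 1:
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                zone = m.group(1)
                settings[zone] = "deny"  # assumption: an unset value means the default
            elif zone and line.startswith("set intrazone "):
                settings[zone] = line.split()[2]
    return [z for z, v in settings.items() if v != "deny"]
```

Calling `zones_allowing_intrazone(SAMPLE_CONFIG)` reports only `LAN`; the interface alias that happens to contain the words "intrazone allow" is ignored because it sits outside `config system zone`.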