By default, the firewall denies traffic between data
center zones (interzone traffic) that matches no Security policy
allow rule. Log and examine this traffic to identify attempted attacks
and also traffic you may want to allow.
Traffic that doesn’t match any of the Security
policy rules you configure matches the predefined interzone-default
block rule at the bottom of the rulebase and is denied. To gain
visibility into traffic that doesn’t match a rule you explicitly
configured, enable logging on the interzone-default rule. Logging
this traffic gives you the opportunity to examine access attempts
that you have not explicitly allowed, which may identify attack
attempts or traffic for which you want to modify an allow rule.