In this use case, the firewall is in a Layer
2 VLAN divided into two subinterfaces. VLAN 100 is 192.168.100.1/24,
subinterface .6. VLAN 200 is 192.168.100.1/24, subinterface .7.
Non-IP protocol protection applies to ingress zones. In this use
case, if the Internet zone is the ingress zone, the firewall blocks
the Generic Object Oriented Substation Event (GOOSE) protocol. If
the User zone is the ingress zone, the firewall allows the GOOSE
protocol. The firewall implicitly allows IPv4, IPv6, ARP, and VLAN-tagged
frames in both zones.