Thank you for your answer, i try to answer your questions:
1. YES I put the same security zone object in the source and destination column.
2. Which interfaces you connected to that object? Just one interface, is the LAN interface.
3. What is the traffic you expect to be matched on this rule? Is it traffic that comes and goes out from the interfaces you connected to the security zone object?
For example, I defined the eth1-- Security Zone A - Network 172.18.0.0/16
If I have for example a monitoring system with ip 172.18.0.1, and this monitorization have to monitored the firewalls' VIP (172.18.0.2), so I expected the policy was:
From Zone A to Zone A
Rule1.1 -- Src 172.18.0.1 Dst 172.18.0.2 Service Accept
But in the checkpoint, I saw this specific log was from Internal Zone to Local, so the traffic didn`t match the rule1.1, like you have said me.
This traffic started to work when I created the rule without the security zone filter. In this case I understand the acces to the gateway itself is defined like zone local or internal, but this case is extended to every virtual ip published in the gateway too right?
Also, I saw some traffic from a Zone A to Zone B didnt work either, for the same reason, the zone was identify like internal in source and destination.
I really want if it's possible to know in which cases the checkpoint defined one zone as internal or local.