I am looking at simplifying my policies with Security Zones for the first time and need some clarification. Since they are assigned to the interface, how are these stored/shared? Per gateway? Per Policy? Global?
How do these work for VPN traffic? Since that technically comes in and out on the external interface, is it seen as an external zone or does it see that it's coming from an internal zone on the other gateway?