Using Zone elements for interface matching in Access rules
Access rules apply to all network interfaces, unless you use Zone elements to match traffic based on which interfaces traffic passes through.
Zone elements are interface references that can combine several network interfaces of an engine into one logical entity. Using Zones in the Source or Destination cells allows you to restrict traffic according to which interfaces the traffic passes through. Zones can be useful, for example, when a type of traffic is only valid it when it passes through a specific interface, but basic Anti-Spoofing allows the traffic on any interface.