USG2110: interzone policy based on Layer 2 ports was not working

Publication Date:  2014-07-01
Issue Description
As the diagram below shows, an Indian customer (XX) bought a USG2110 firewall to serve as the Internet access security gateway. The requirement was to connect the upstream and downstream business links on Layer 2 interfaces, with four connections to the external Internet: ports 3 and 4 in the DMZ zone and ports 1 and 2 in the Trust zone. Port 0 connects to the MPLS network. After deployment it was found that the interzone policy between the Trust and Untrust zones did not take effect.
Alarm Information
Ping packets could pass from the Untrust zone to the Trust zone even though the interzone policy should have blocked them; no other logs were generated.
Handling Process
Port 4 was changed from a Layer 2 port to a Layer 3 interface and the Layer 3 interface was added to the Untrust zone. After this change the interzone policy took effect and the issue was resolved.
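The change described above, written out as an added configuration example in USG2000-series CLI syntax (this is not configuration from the original case). The interface name Ethernet0/0/4, the IP address 203.0.113.2/30 and the Trust-side network 192.168.1.0/24 are assumptions chosen for illustration; the customer's real values are not given on this page.

```text
system-view
#
# Convert Port 4 from a Layer 2 switch port to a Layer 3 interface
# and give it an address (undo portswitch switches the mode).
interface Ethernet0/0/4
 undo portswitch
 ip address 203.0.113.2 255.255.255.252
 quit
#
# Put the Layer 3 interface into the Untrust zone. Traffic arriving
# on a Layer 3 interface is handled by the main CPU, so the
# Trust <-> Untrust interzone policy is now actually enforced.
firewall zone untrust
 add interface Ethernet0/0/4
 quit
#
# Interzone policy: allow only the internal network outbound,
# everything else between Trust and Untrust falls to the default deny.
policy interzone trust untrust outbound
 policy 1
  action permit
  policy source 192.168.1.0 0.0.0.255
  quit
 quit
#
# Verification: the interface should appear under untrust, and
# a ping from Untrust to Trust should no longer create a session.
display zone
display firewall session table
```

A quick acceptance check after the change is to repeat the ping from the Untrust side that previously got through: it should now be dropped, and `display firewall session table` should show sessions only for the traffic the policy permits.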
Root Cause
According to the manual, the Layer 2 ports of the low-end firewall all sit on one switch board with its own CPU, while the interzone policy is enforced by a different CPU. Traffic forwarded between two Layer 2 ports on that board is switched locally and never reaches the CPU that applies the interzone policy, so the policy has no effect on it.
Suggestions
On low-end firewalls (USG2000 series), do not rely on interzone policy between two Layer 2 ports placed in different zones. Where policy must be enforced between zones, use a Layer 3 interface on at least one side, as was done here with Port 4.

END