As shown in the diagram below, an Indian customer, XX, bought the USG2110 firewall to use as the Internet access security gateway. The customer required the upstream and downstream service links to be connected through Layer 2 interfaces: port 4 connects to the external network (Internet), ports 3 and 4 are in the DMZ area, ports 1 and 2 are in the trust zone, and port 0 connects to the MPLS area. After deployment, the interzone policy between the trust and untrust zones was found not to work.
Ping packets could pass from the untrust zone to the trust zone, and there were no other logs.
The Port 4 interface was changed to a Layer 3 port, and that L3 port was added to the untrust zone. The interzone policy then worked, and the issue was solved.
According to the manual, on low-end firewalls the Layer 2 ports are all on one switch board, which uses its own CPU, while the interzone policy is controlled by a different CPU. As a result, the policy does not take effect.
L2 ports should be put into two zones on low-end firewalls (USG2000).