By default, LAN traffic is not inspected by deep inspection blades.
To turn on deep inspection:
For Locally Managed appliances:
In the WebUI, go to Device > Advanced Settings.
Search for these Stateful Inspection attributes:
For each one, double click the attribute name.
In the window that opens, select the checkbox and click Apply.
For Centrally Managed appliances:
Connect to the Security Management Server with the GuiDBedit Tool.
Go to Global Properties > properties > firewall_properties and locate a property called
Set the relevant property to
Save the changes: go to the File menu and click Save All.
Close the GuiDBedit Tool.
Install the policy on your device.
The LAN interfaces should be set to separate network and unassigned from the internal switch.
Traffic between two LAN interfaces which are assigned to the switch will not be inspected even when the above settings are applied.