I have a SRX with policy "from-zone TRUST to-zone UNTRUST" which allow any source-address, desination-address and application.
Now I have initiated a ping from TRUST zone to UNTRUST zone.
My doubt is why ping is successfully happening?
My expectation is that as there is not policy that allows traffic from UNTRUST to TRUST. ICMP reply message from UNTRUST zone should be dropped by SRX.
Correct me if my understanding is wrong.