Firepower 2110 configuration

David Ettinger
Level 1

I have a Firepower 2100 firewall running FDM. I am having trouble getting any data through the firewall. I'm not a networking guru but have a good knowledge of networking.

I have a simple configuration: On the inside I have a single computer, 192.168.0.21/16. On the outside I have a single computer, 192.168.2.20/16. When I connect these two computers directly I can ping without issue so I know the interfaces are working. I have two Security Policies: let any network traffic from the outside pass to the inside and vice versa, so I don't believe the firewall is blocking anything. Since I don't have a router on either side of the firewall interfaces, I'm not sure how to set up a static route that will allow traffic to be routed between the inside and outside interfaces. Right now I'm just pinging 192.168.0.21 from the outside computer and also using a packet sniffer on the inside computer to look for any traffic. Thanks for any help you can provide.

16 Replies

Hi

You don't need a route if the firewall has both interfaces on the respective networks. If you put the inside interface with IP address 192.168.0.1 255.255.255.0 and on the outside you put 192.168.2.1 255.255.255.0, then the firewall will be able to pass traffic from one PC to another with no problem, if traffic is allowed.

192.168.0.0/16 and 192.168.2.0/16 are on the same network, so, do use it. 

The range would be 192.168.0.1 - 192.168.255.254

If you want to use /16 then use 192.168.0.0 and 192.169.0.0

That's exactly the configuration I have right now.   The traffic should be allowed as I have:

Allow:  Source: inside_zone, any network, any port    Destination: outside_zone, any network, any port

Allow:  Source: outside_zone, any network, any port   Destination:  inside_zone, any network, any port 

Also, wouldn't blocked traffic show up on the dashboard?   

It would log. 

But look. You said above:

"I have a simple configuration:   On the inside I have a single computer, 192.168.0.21/16.  On the outside I have single computer, 192.168.2.20/16."

It won't work as both interfaces are on the same network. You need to change the mask to 255.255.255.0.

The firewall needs to have interfaces on different networks.

Thanks Flavio for the quick responses.   So I changed the netmask on both ends but still no ping response on the outside nor anything showing up on a packet sniffer on the inside.   Also tried to reverse the roles and ping from the inside.   On the FDM dashboard I see nothing on the throughput display nor any events.

Check if the PCs are properly configured with a default gateway.

For test purposes, create another inside interface and try it. If it pings, you know that it is about rules.

The outside PC must have a default GW which is the FPR outside interface IP.

The inside PC must have a default GW which is the FPR inside interface IP.

My Linux computers' 'netstat -r' shows:

Outside (Redhat 6)

Destination     Gateway         Genmask         Flags   Interface
192.168.2.0     *               255.255.255.0   U       eth0
default         192.168.2.254   0.0.0.0         UG      eth0

Inside (Redhat)

Destination     Gateway         Genmask         Flags   Interface
default         _gateway        0.0.0.0         UG      enp2s0
192.168.0.0     0.0.0.0         255.255.255.0   U       enp2s0

It is interesting now that I've done this, I can no longer connect the two together (bypassing the firewall) and ping.

Just take one minute and rearrange all subnet masks on both PCs and the inside/outside interfaces of the FPR. All must have a /24 subnet mask and all must have unique IP addresses.

Please add the correct default GW IP on both PCs.

My FPR interfaces do not have IP addresses assigned. I didn't know that would be required.

More info:   With the above network configuration, when I hook the two computers direct (firewall bypassed), if I ping the outside from the inside computer and put a packet sniffer on the outside computer, I see ARP requests from the inside computer but I see no ICMP packets and no response from the ping on the inside computer.

Friend, since both PCs are in different subnets you need IPs for the FPR interfaces.

The FPR will route between the two subnets.

I just added 192.168.2.1/24 to the outside interface and 192.168.0.1/24 to the inside interface. No change.

Are these IPs what you use for the GW on both PCs?

Bingo! That was the problem. Changed the default gateways on the PCs to their respective FPR interface and it works!

So here is another question:    In my deployed configuration I'll have a bunch of PCs all connected to a layer 2 network switch within a VLAN.   They will all have 205.19.x.x/16 addresses.   One of these computers currently comes in from the "outside" and the intent was to connect the firewall between the network switch and the "outside" computer.  Given this working configuration I'm thinking this firewall might not handle this.   Thoughts?

No, the same lab we made work above can apply to your network with a SW and one PC outside.

Do the same steps and make sure you assign the correct GW on the PCs on both sides of the FPR.

MHM
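The three faults worked through in this thread (overlapping /16 subnets on both sides of the firewall, FPR interfaces with no IP address, and PC default gateways not pointing at the FPR interface on their side) can be checked mechanically before deploying. The script below is an added example, not from the thread or from Cisco; it uses the addresses posted above, and the intermediate "gateways_still_wrong" scenario is constructed to mirror the state right after the interface IPs were added.

```python
"""Added example (not from the thread): check the two-subnet routed firewall lab for
the three faults diagnosed in the thread: overlapping PC subnets, firewall interfaces
without IP addresses, and PC default gateways not pointing at the firewall's interface."""
import ipaddress
from typing import List, Optional, Tuple

Pc = Tuple[str, str, Optional[str]]  # (name, "ip/prefix", default gateway IP or None)
FwIf = Tuple[str, Optional[str]]     # (name, "ip/prefix", or None when unassigned)

def check_lab(inside_pc: Pc, outside_pc: Pc, inside_if: FwIf, outside_if: FwIf) -> List[str]:
    """Return the list of problems found; an empty list means the lab should pass traffic."""
    problems: List[str] = []
    in_net = ipaddress.ip_interface(inside_pc[1]).network
    out_net = ipaddress.ip_interface(outside_pc[1]).network
    if in_net.overlaps(out_net):  # the /16 masks from the original post land here
        problems.append(f"{in_net} and {out_net} overlap: the firewall cannot route between them")
    for (pc, pc_addr, gw), (ifname, if_addr) in ((inside_pc, inside_if), (outside_pc, outside_if)):
        pc_net = ipaddress.ip_interface(pc_addr).network
        if gw is None:
            problems.append(f"{pc}: no default gateway configured")
        elif ipaddress.ip_address(gw) not in pc_net:
            problems.append(f"{pc}: default gateway {gw} is outside {pc_net}")
        if if_addr is None:  # the FPR interfaces had no addresses at first
            problems.append(f"{ifname} interface: no IP address assigned")
            continue
        fw_if = ipaddress.ip_interface(if_addr)
        if fw_if.network != pc_net:
            problems.append(f"{ifname} interface {fw_if} is not in {pc}'s subnet {pc_net}")
        if gw is not None and ipaddress.ip_address(gw) != fw_if.ip:
            problems.append(f"{pc}: default gateway {gw} must be the {ifname} interface IP {fw_if.ip}")
    return problems

def initial_lab() -> List[str]:
    """Starting point from the thread: /16 masks, no firewall IPs, outside PC pointing at .254."""
    return check_lab(("inside PC", "192.168.0.21/16", None), ("outside PC", "192.168.2.20/16", "192.168.2.254"),
                     ("inside", None), ("outside", None))

def gateways_still_wrong() -> List[str]:
    """Constructed: /24 masks and firewall IPs set, but PC gateways not yet changed to the FPR."""
    return check_lab(("inside PC", "192.168.0.21/24", "192.168.0.254"), ("outside PC", "192.168.2.20/24", "192.168.2.254"),
                     ("inside", "192.168.0.1/24"), ("outside", "192.168.2.1/24"))

def working_lab() -> List[str]:
    """The final working configuration: PC gateways set to the FPR interface IPs on their side."""
    return check_lab(("inside PC", "192.168.0.21/24", "192.168.0.1"), ("outside PC", "192.168.2.20/24", "192.168.2.1"),
                     ("inside", "192.168.0.1/24"), ("outside", "192.168.2.1/24"))

if __name__ == "__main__":
    for scenario in (initial_lab, gateways_still_wrong, working_lab):
        print(f"{scenario.__name__}: {scenario() or 'OK'}")
```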