We have a DMZ security zone on FTD and it has multiple VLANs / sub-interfaces. I found out that every ACP rule created is actually duplicated to all VLANs / sub-interfaces. For example, my intention is:
Source -> DMZ -> VLAN-A/Sub-Interface-A -> App-A
Source -> DMZ -> VLAN-B/Sub-Interface-B -> App-B
Source -> DMZ -> VLAN-C/Sub-Interface-C -> App-C
But the show access-list CLI reveals it is actually like this:
Source -> DMZ -> VLAN-A/Sub-Interface-A + VLAN-B/Sub-Interface-B + VLAN-C/Sub-Interface-C -> App-A
Source -> DMZ -> VLAN-A/Sub-Interface-A + VLAN-B/Sub-Interface-B + VLAN-C/Sub-Interface-C -> App-B
Source -> DMZ -> VLAN-A/Sub-Interface-A + VLAN-B/Sub-Interface-B + VLAN-C/Sub-Interface-C -> App-C
As a result of this multiplication, the number of ACLs is quite large. Is this the expected behavior, or is there something I can adjust to avoid this? Thanks.
Leo
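The behaviour described in the post is how zone-based rules are compiled: a rule written between two security zones is expanded into one entry per (source interface, destination interface) pair drawn from the two zones, so a zone holding three sub-interfaces turns three rules into nine entries, six of which pair an app with a sub-interface it was never meant to be reached through. The usual adjustment is to put each sub-interface in its own zone and write each rule against that zone. The Python below is an added illustration of that expansion and of the per-interface-zone alternative; it is not code from the post or from Cisco, and the interface names, app addresses and the simplified entry format are constructed assumptions.

```python
from itertools import product

# Constructed topology (assumption): one outside interface and a DMZ zone
# that contains three VLAN sub-interfaces, as in the post.
ZONES_SHARED = {
    "OUTSIDE": ["GigabitEthernet0/0"],
    "DMZ": ["GigabitEthernet0/1.10", "GigabitEthernet0/1.20", "GigabitEthernet0/1.30"],
}

# Same interfaces, but each DMZ sub-interface is placed in its own zone.
ZONES_SPLIT = {
    "OUTSIDE": ["GigabitEthernet0/0"],
    "DMZ-A": ["GigabitEthernet0/1.10"],
    "DMZ-B": ["GigabitEthernet0/1.20"],
    "DMZ-C": ["GigabitEthernet0/1.30"],
}

# Hypothetical application addresses, one per VLAN.
APPS = {"App-A": "10.10.10.10", "App-B": "10.10.20.10", "App-C": "10.10.30.10"}

# Which sub-interface each app is actually intended to be reached through.
INTENDED = {
    "App-A": "GigabitEthernet0/1.10",
    "App-B": "GigabitEthernet0/1.20",
    "App-C": "GigabitEthernet0/1.30",
}

# Rules as (source zone, destination zone, destination app).
RULES_SHARED = [("OUTSIDE", "DMZ", "App-A"), ("OUTSIDE", "DMZ", "App-B"), ("OUTSIDE", "DMZ", "App-C")]
RULES_SPLIT = [("OUTSIDE", "DMZ-A", "App-A"), ("OUTSIDE", "DMZ-B", "App-B"), ("OUTSIDE", "DMZ-C", "App-C")]


def expand(rules, zones):
    """Expand zone-to-zone rules into per-interface-pair entries: every
    interface in the source zone is paired with every interface in the
    destination zone, which is the multiplication seen in `show access-list`."""
    entries = []
    for src_zone, dst_zone, app in rules:
        for src_if, dst_if in product(zones[src_zone], zones[dst_zone]):
            entries.append((src_if, dst_if, APPS[app], app))
    return entries


def off_target(entries, intended):
    """Entries that permit an app through a sub-interface other than the one
    intended for it; these exist only because the zone is shared."""
    return [e for e in entries if e[1] != intended[e[3]]]


def interfaces_per_app(entries):
    """Map each app to the set of destination interfaces its entries cover."""
    result = {}
    for _, dst_if, _, app in entries:
        result.setdefault(app, set()).add(dst_if)
    return result


def render(entries):
    """Simplified, constructed rendering of each entry (not the real FTD syntax)."""
    return [f"permit any -> host {ip} in={src} out={dst}  # {app}" for src, dst, ip, app in entries]


if __name__ == "__main__":
    for label, rules, zones in (("shared DMZ zone", RULES_SHARED, ZONES_SHARED),
                                ("one zone per sub-interface", RULES_SPLIT, ZONES_SPLIT)):
        entries = expand(rules, zones)
        print(f"{label}: {len(rules)} rules -> {len(entries)} entries, "
              f"{len(off_target(entries, INTENDED))} off-target")
        for line in render(entries):
            print("  " + line)
```

Running the block shows the shared zone compiling 3 rules into 9 entries (6 of them off-target) while the per-sub-interface zones compile 3 rules into exactly 3 entries, each app covered only by its own sub-interface. The same product rule explains the growth for any zone: entry count is rules times source-interface count times destination-interface count, so keeping zones narrow is what keeps the compiled ACL small.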