We are migrating from ASA to FTD, and we have a large number of L3 interfaces on the ASA as the servers' default gateways, so on FTD we need to keep them as sub-interfaces and group them into a small number of Zones.
In the GUI I configured Source -> Zone1.Subinterface.1:TCP443 with certain rules, and we have Subinterface.2 and Subinterface.3 in the same Zone1. Somehow I found that "duplicated" and "non-applicable" entries have been created in the ACL, like:
Source -> Zone1.Subinterface.2:TCP443
Source -> Zone1.Subinterface.3:TCP443
... ...
Is this expected behavior? My concern is that it might end up with an unnecessarily large ACL. Thanks.