1.: Where does traffic origin from when DNAT has been applied, from the perspective of zones? I.e. what set of firewalls is applied when I have traffic coming in on WAN which is DNAT to an internal ip on LAN?
The reason I’m asking is that it seems like I did not have to apply any firewall rules to allow the traffic, even though my from WAN rules for both LAN and LOCAL are default drop.
2.: What happens when multiple firewalls are applied to the same zone pair? Example: LAN from WAN has two different firewalls applied.
Are they merged or are they applied in some kind of order?
And here is a third bonus question: Does anyone know if there is any documentation on how to apply CAKE?