The Self Zone

Traffic directed to the router itself (as opposed to transit traffic that passes through the router and is not destined directly to it) involves the self zone. Traffic destined to the router, regardless of which interface is used, is considered to be going to the self zone. Traffic sourced from the router is considered to be coming from the self zone. By default, all traffic to or from the self zone (that is, all traffic to or from the router itself) is allowed. However, if you want to create policies for traffic to or from the self zone, you do it the same way as for any other zone: create a zone pair and assign a policy to it. Table 15-4 describes self zone traffic behavior.


Table 15-4 Self Zone Traffic Behavior

Regarding the self zone, if there is a zone pair but no policy is applied, the default behavior is to forward all traffic (which is different from the behavior for traffic between manually created zones). When configuring a zone pair that includes the self zone, the administrator must explicitly permit management traffic so that administrative connections to the router are not denied.
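
The following configuration is an added example, not taken from the book: a zone pair into the self zone that permits SSH management traffic before dropping everything else arriving from that zone. The zone name OUTSIDE, the interface, the management subnet 192.0.2.0/24, and all object names are assumptions chosen for illustration.

```cisco
! Constructed example: names, interface, and addresses are assumptions.
!
! Management stations allowed to reach the router over SSH.
ip access-list extended MGMT-SSH-ACL
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
!
! Classify the management traffic by matching the ACL above.
class-map type inspect match-all MGMT-SSH-CLASS
 match access-group name MGMT-SSH-ACL
!
! Inspect (statefully permit) SSH from the management subnet;
! drop and log everything else sent to the router from this zone.
policy-map type inspect OUTSIDE-TO-SELF-POLICY
 class type inspect MGMT-SSH-CLASS
  inspect
 class class-default
  drop log
!
zone security OUTSIDE
!
! "self" is the system-defined zone; it is referenced, never created.
zone-pair security OUTSIDE-TO-SELF source OUTSIDE destination self
 service-policy type inspect OUTSIDE-TO-SELF-POLICY
!
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
! No zone pair is defined from self to OUTSIDE, so traffic sourced
! from the router stays allowed by default, as described above.
```

If the router also needs routing protocol, ICMP, or other control-plane traffic from this zone, add matching classes above class-default before applying the policy, or those sessions are dropped along with everything else.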
