If there is a security policy let's say
WEB group should only talk to APP group through TCP port 8080. Why don't we optimise resources by applying policies only to destination group instead of marking both the groups in "Applied to" field
I mean if we apply policies just at destination group , we can still achieve protection with reduced resource utilisation (We are not applying policy at source thus saving resources)..
Or the main goal is to save overall traffic and so we are applying policy at both source/destination at the cost of higher resource utilisation.
Am I missing something?