NSA 2600 - Internal Firewall - WAN not Required
I'd like to use our spare NSA 2600 to protect a restricted zone hosting devices like backup repositories. The plan is to secure and separate the zone from the production zone using the NSA 2600 so in case the backup server is compromised from threats like ransomware, we would still be able to recover from backups repositories. I tried to unassign X1 but it's not allowing me because it says that one interface has to be in the Load Balancing.
I'm thinking that perhaps the best way is to use and connect the WAN (X1) interface to the production zone (like the core switch) and the X0 to the Restricted Zone and just explicitly allow traffic from X1 to X0.