I see in the ZFW config under class-default they used "pass" on the inside and outside zones. Do you think it would be count if I matched everything to an inspect? Also I did nbar match protocol snmp rather than using an ACL. When should be use an ACL and when is it ok to do match protocol? Would I get point on below?
access-list 101 permit ip any any
class-map all-traffic
match access-g 101
class-map snmp
match protocol snmp
policy-map inside-outside
class all-trafifc
inspect
policy-map outside-inside
class snmp
drop
class all-traffic
inspect