One limitation of using Security Zones in the network is that Security Zones will not work in Manual
NAT rules. Manual NAT rules are rules that explicitly define how to translate the source and
destination IP addresses and ports of each connection. Manual NAT rules do not support using
Security Zones as objects, only network objects or groups. Automatic NAT rules are rules that
automatically define how to translate the source and destination IP addresses and ports of each
connection based on the network objects or groups properties. Automatic NAT rules support using
Security Zones as objects. Security Zones can also work in firewall policy layer and network topology.
Reference: [Security Zones Best Practices], [NAT Methods]
