What traffic is typically not allowed through a custom interface in a security zone?

The concept of a custom interface in a security zone is centered around the principle of least privilege, which means that only the traffic that is explicitly allowed by the defined policies is permitted to pass through that interface. This means that by default, all traffic is blocked unless there are specific rules in place to allow certain types of traffic.

Therefore, when a custom interface is configured, the default setting is typically to deny any traffic that has not been explicitly allowed, making it essential for administrators to carefully define and manage the permitted rules. This approach enhances security by minimizing the attack surface and reducing the risk of unauthorized access, as only traffic that meets the stringent criteria set within the policies will be allowed.

This understanding emphasizes the importance of properly configuring security zones and interfaces to maintain a robust security posture, making the option that states all traffic except that specifically permitted by policies as the correct answer.