Also be aware that "classic" Layer4* security policies will be evaluated *before* any rules with dynamic-application(s) configured.
That also goes for Layer4 global policies. Those will also be evaluated before policies with dynamic-applications.
Priority is:
L4 zone-based
L4 global
Layer7 (dynamic-application) zone-based
Layer7 (dynamic-application) global
So that will give you the experience of some L4 zone-based rules being used even you have rules with dynamic-applications listed earlier in the rule-set.
As a workaround to this, you can keep your L4 security policies and just add "dynamic-application any" to all of them. Then all rules will be evaluated as you are used to and make it possible to firewall based on applications.
Bonus note: Dynamic-applications are not supported in both zone-based and global context. It either in your zone policies or in the global policies.