Hello,
What the mentioned configuration does is Any traffic coming from any Sources in Trust zone & Going to any destinations in Untrust zone will be subjected to the Interface-PAT.
By default Security Policies from zone Trust to zone Untrust on the box will filter the traffic.
But if you have certain IPs in Trust Zone that should never go across Untrust, you can put firewall filter in the inbound direction on interface/s in Trust Zone so the traffic is dropped even before Firewall is required to do session lookup or process to intall session thus saving the resources of Firewall.
Otherwise this configuration is ok.
Regards,
Rushi