Hi Luis,
I think that my real question is the second part of what you are saying--how to handle the traffic. I have Reth interfaces in two different VLANs, because the way that the traffic flows (from attachment) is in from the top SRX VPN devices "bganap", then into the cfw devices, where some of the traffic is inspected (special cases), then to the bottom FWs (which are the new SRX devices in question).
SRX & Netscreens all are in the same VLANs.
Then from there out to the internet. So those FWs at the bottom are going to need to be running with Netscreens (not shown), and since I inherited this network, but have to upgrade to separate the traffic, handling the traffic is what I don't have clear in my mind.
How would I keep the Netscreens inspecting only one group of IPs and the SRXs another without interfering with each other? I guess I'm looking for some possible config options.
As far as zones, we have two: land and satellite. The satellite side is our customer base, land takes them out to the internet.