Qs: under same zone or different zones?
Ans: if you use same zone for Untrust interfaces then you need one policy for Trust interface to untrust interfaces. you need 2 seperate policies if you use different zones for untrust interfaces.
For e.g :
ONE ZONE for interfaces connected to the router
Trust zone to Untrust zone ======> one policy
TWO ZONE for interfaces connected to the router
Trust zone to Untrust1 zone ======> one policy
Trust zone to Untrust2 zone ======> second policy
What are the advantages of using two interfaces?
Ans: It is only possible when you have 2 interfaces, each connected to each router.
Thanks
Atif