I will install a 7600 with Anomaly Detector and Anomaly Guard Module to mitigate DDoS generated from Internet to some internal target (protected zone).
I will use an internal diversion (inline configuration) with a span session that capture rx traffic from the internet port link. This traffic is destined to a port of Detector.
I would to know if in this implementation I can detect also DDoS traffic generated from Inside network to internet. Can I create another span session that capture traffic from inside network to internet, and destine it to dataport2 of Detector? DDoS Mitigation can take place in both inbound and outbound directions? If I can do it, I need to create zones for all public IP address?