This is just a quick one.
A customer of mine has two companies running in the same building, using the same ISP connection; as such, the firewall is essentially the core of the network. I put in this network, and although it's not exactly best practice, it's a case of making do with what they had and could afford.
Today he logged a support ticket stating he couldn't connect between two different internal subnets any more (192.168.x.x and 172.16.x.x).
The fix for this was inputting the command:
same-security-traffic permit inter-interface
This allows interfaces that share the same security level to send traffic to one another. You still need access rules to permit the traffic as well!
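As an added example (not from the original post), the Python check below reads a saved running-config and reports which named interfaces share a security level, whether the command above is present, and which of those interfaces have no inbound access-group bound. The sample config, interface names and addresses are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample running-config (assumption, not the customer's real config).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif companyA
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif companyB
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
same-security-traffic permit inter-interface
access-list companyA_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group companyA_in in interface companyA
"""

def audit(config):
    """Return (command_present, [(if_a, if_b, level, [interfaces lacking an inbound ACL])])."""
    levels, nameif = {}, None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            nameif = None  # new interface block: forget the previous nameif
        elif m := re.fullmatch(r"nameif (\S+)", s):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", s)) and nameif:
            levels[nameif] = int(m.group(1))
    enabled = bool(re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M))
    bound = set(re.findall(r"^access-group \S+ in interface (\S+)", config, re.M))
    pairs = [(a, b, levels[a], [i for i in (a, b) if i not in bound])
             for a, b in combinations(sorted(levels), 2) if levels[a] == levels[b]]
    return enabled, pairs

if __name__ == "__main__":
    enabled, pairs = audit(SAMPLE_CONFIG)
    print("same-security-traffic permit inter-interface:", "present" if enabled else "absent")
    for a, b, level, no_acl in pairs:
        print(f"{a} <-> {b} (level {level}); no inbound access-group on: {no_acl or 'none'}")
```

Run it against the output of `show running-config` saved to a file to see which interface pairs the command affects before and after a change.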