My understanding is that it is more worthwhile to apply IDP only in the Untrust-to-all-zones direction, as this is the direction from which most attacks come, and it decreases the amount of traffic processed by IDP if you have a lot of LAN-to-LAN or cross-site traffic over MPLS.
Please share your insights.
Generally we do not recommend opening a policy from Untrust to Trust until you have some web services or application hosting. But when you have an Untrust-to-Trust policy, it's advised to have an IDP policy for the same. But if you have AppID or AppTracker, that's applied from Trust to Untrust based on requirement. Normally, IDP is applied from Untrust to Trust.