It's not interface dependent with access-groups like on, say, an ASA.
You get a separate firewall for cellular failover, for data usage control.
Then you have a general L3 firewall. As per the screenshot below, inbound traffic will be restricted according to the other rules on the Firewall page:
If you've got 1:1 NAT or 1:Many, you can restrict allowed remote IPs directly on those statements if you really need. (I'm personally skeptical on the value of IP blocks, since spoofing is a thing.)
As far as outbound interface preferences, you can create a flow preference in the SD-WAN & Traffic Shaping section.
This only works outbound, not inbound.
>Does any on know if is it possible to specify Inbound interface or outbound interface in a layer 3 rule ?
What happens is no traffic is allowed inbound by default until you create a NAT rule to allow it. When you create a NAT rule there is a section where you can limit where that NAT can be accessed from.
