A zoneless trigger is a condition that occurs when an IPS device registers a filter trigger match on a segment even though the filter that is causing the trigger is not enabled in that particular segment.
This condition occurs because the triggering mechanism is enabled in a global context. When you enable a filter (irrespective of segment), the trigger is installed into Tier 1 (which is where trigger matching occurs). This trigger will then match against traffic from all segments. If the filter is only enabled on segment 1 but it triggers against traffic on segment 2, then the trigger match will be reported as Zoneless.
Example: A profile named "Internet" has filter 0164 (ICMP Echo request) enabled for block + notify, and this profile is applied only to segment 1. Segments 2, 3 and 4 do not have filter 0164 enabled. Because the profile "Internet" on segment 1 has the filter enabled, "pings" detected on any segment are sent for deep inspection, but they are blocked only on segment 1, as that is the only segment that has the filter enabled.
View zoneless statistics: In TOS 2.5.4, a <zoneless> subcommand was added to the show np rule-stats CLI command. This subcommand displays the zoneless hits recorded by the IPS since the last reboot or the last clear np rule-stats. To view the zoneless statistics, issue the command "show np rule-stats zoneless" (deprecated in TOS v3.9.0).
Note: Watch out for filters with lots of zoneless triggers. If you are experiencing performance problems, you may need to disable that filter across all segments, including the ANY-ANY segment.
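The mechanism described above can be modelled in a few lines. This is an added conceptual example, not code or output from the IPS: the segment map, the match list, the second filter id "FILTER-B" and the 50% review threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed sample: filters enabled by the profile on each segment.
# Filter 0164 is enabled only on segment 1, as in the example above;
# "FILTER-B" is a hypothetical filter enabled on every segment.
SEGMENT_FILTERS = {
    1: {"0164", "FILTER-B"},
    2: {"FILTER-B"},
    3: {"FILTER-B"},
    4: {"FILTER-B"},
}

# Constructed sample: (segment, filter whose trigger the traffic matched).
SAMPLE_MATCHES = [
    (1, "0164"), (2, "0164"), (3, "0164"), (2, "0164"), (4, "0164"),
    (1, "0164"), (3, "FILTER-B"), (2, "FILTER-B"),
]


def global_triggers(segment_filters):
    """Triggers are global: the union of filters enabled on any segment."""
    installed = set()
    for filters in segment_filters.values():
        installed |= filters
    return installed


def classify(segment_filters, matches):
    """Count trigger matches per filter as enforced or zoneless."""
    installed = global_triggers(segment_filters)
    enforced, zoneless = Counter(), Counter()
    for segment, filter_id in matches:
        if filter_id not in installed:
            continue  # no trigger installed anywhere, so no match occurs
        if filter_id in segment_filters.get(segment, set()):
            enforced[filter_id] += 1  # filter is enabled on this segment
        else:
            zoneless[filter_id] += 1  # trigger matched, filter not enabled here
    return enforced, zoneless


def zoneless_heavy(enforced, zoneless, threshold=0.5):
    """Filters whose zoneless share of matches exceeds the assumed threshold."""
    return [
        f for f in sorted(zoneless)
        if zoneless[f] / (enforced[f] + zoneless[f]) > threshold
    ]


if __name__ == "__main__":
    enforced, zoneless = classify(SEGMENT_FILTERS, SAMPLE_MATCHES)
    print("enforced:", dict(enforced), "zoneless:", dict(zoneless))
    print("review candidates:", zoneless_heavy(enforced, zoneless))
```

In this model, filter 0164 produces more zoneless matches than enforced ones, so it is the kind of filter the note above says to watch when performance is a concern.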