For the intra-zone traffic to function, there is no need to configure additional policies. It is enough to have the zone configured and for the intra-zone to be allowed as described in the KB article below:

Technical Tip: How to enable local intra-zone traffic logs

config system zone
    edit "1"
        set intrazone allow <-----
        set interface "port2" "port3"
    next
end

The following settings should be enabled as well:

config log setting
    local-in-allow enable
    local-out enable

end

This is how a sample log should look (highlighted traffic in bold):

date=2025-02-13 time=17:59:08 eventtime=1739498348199531949 tz="-0800" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" srcip=10.1.60.1 srcname="DESKTOP-E0B8PV5" identifier=1 srcintf="port2" srcintfrole="lan" dstip=10.1.20.2 dstintf="port3" dstintfrole="lan" srccountry="Reserved" dstcountry="Reserved" sessionid=5198 proto=1 action="accept" policyid=0 policytype="local-in-policy" service="PING trandisp="noop" app="PING" duration=120 sentbyte=900 rcvdbyte=900 sentpkt=15 rcvdpkt=15 srchwvendor="VMware" devtype="Server" srcfamily="Virtual Machine" osname="Windows" srcswversion="10 / 2016" mastersrcmac="00:0c:29:c4:f9:c1" srcmac="00:0c:29:c4:f9:c1" srcserver=0 dsthwvendor="VMware" dstdevtype="Desktop" dstfamily="Virtual Machine" dstosname="Windows" dstswversion="10 / 2016" masterdstmac="00:0c:29:f5:60:3f" dstmac="00:0c:29:f5:60:3f" dstserver=0

However, in versions 7.2.10, 7.4.6, and 7.6.3 (and earlier), this traffic is missing in the local traffic. This issue is reported as unexpected behavior and has already been fixed on v7.6.4.