Hi,
and welcome to the Forums!
Coming from Netscreen/Juniper, eh?
You' re right, a policy that wide open covers all traffic from internal to WAN (this is FortiSpeak). The destination ALL or ' 0.0.0.0' stands for all networks and is most often used on WAN interfaces.
You' ll find yourself working with interfaces a lot more than you' re used to. But, there is a zone construct in FortiOS as well. It combines several interfaces so that it can replace multiple policies with just one. You can allow or deny intra-zone traffic. If you want to create a zone, you have to do that before referencing the member interfaces elsewhere.
Common scenario for a zone: combine multiple VPN tunnel ends into a VPN zone for a hub-and-spoke VPN.
Ede Kernel panic: Aiee, killing interrupt handler!