So you suspect there is no need to shut down the global NIC, if the zone uses 
exclusive IP and it is on a separate subnet and there is no routing between the 

Ok, that is an interesting thought. What do you other people say? In that case 
a local zone can not ping (reach) the global zone? 

I was thinking that the only way to reach internet, would be through a local 
zone. The global zone should be completely isolated from the rest of the world 
(zones, internet) and have no working NIC. The question is, in that case, how 
can I ssh into a local zone if the global zone has no outside connection??

(BTW, I dont know how to do what you suggest, as I am a Solaris noob. I just 
planned to create exclusive-ip vnic and a vswitch and connect them - have I 
done what you described then? Are they on a separate subnet? Or do I need to do 
some additional configuration?)
