Yep, I've just tried it myself and the FW rules don't seem to be applied to existing sessions. Only new ones.
...I've read through the CLI hoping there would be a switch to allow killing all active sessions from/to specified zones, but there seems to be none.
Just realized we've had this discussion already here: "USG100 - Weird (and frightening) firewall behavior".
The problem is non-trivial; the perfect solution would be to have a "flush existing session table" command (or similar) ... but I can't find any.
Reboot or disabling/enabling the WAN interface seems to be the ugly alternative (the interface disable/enable could be scripted and scheduled; I've not tested this).
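The "script and schedule the interface bounce" workaround from the post above, as an added example that is not part of the original post or Zyxel's own tooling. It pushes a short CLI script over SSH that administratively shuts a WAN interface and brings it back up, which tears down every session through that interface so the traffic has to re-enter the firewall as new sessions and be matched against the current rules. Assumptions, all mine: SSH management is enabled on the USG, the admin account may enter `configure terminal`, the interface is named `wan1`, the host `192.0.2.1` is a placeholder, and the ZLD commands used (`configure terminal`, `interface <name>`, `shutdown`, `no shutdown`) match your firmware's syntax, which you should check on the box before scheduling anything. The `USG_DRY_RUN` switch and every function name are inventions of this example.

```shell
#!/bin/sh
# Added example (not from the original post, not Zyxel code): bounce a
# ZyWALL/USG WAN interface over SSH so that all existing sessions through it
# are dropped and must be re-established, and so re-evaluated, against the
# current firewall rules.
# ASSUMPTIONS: SSH admin access is enabled; the account may use
# "configure terminal"; the interface is named like "wan1"; the ZLD CLI
# commands below match your firmware (verify on the device first).
# Setting USG_DRY_RUN=1 prints the CLI script instead of connecting.

# Accept only plain interface names so a stray argument can't inject CLI lines.
usg_valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the CLI script that sets the interface's admin state.
# $1 = interface name, $2 = "down" or "up".
usg_iface_cmds() {
    usg_valid_iface "$1" || return 1
    case "$2" in
        down) state='shutdown' ;;
        up)   state='no shutdown' ;;
        *)    return 1 ;;
    esac
    # First "exit" leaves interface config, second leaves configure mode.
    printf 'configure terminal\ninterface %s\n%s\nexit\nexit\n' "$1" "$state"
}

# Send one CLI script to the device. $1 = admin@host, $2 = interface, $3 = state.
usg_send() {
    cmds=$(usg_iface_cmds "$2" "$3") || return 1
    if [ "${USG_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    # BatchMode: fail fast on a missing key in cron instead of hanging on a prompt.
    printf '%s\n' "$cmds" | ssh -o BatchMode=yes -o ConnectTimeout=10 "$1"
}

# Disable, wait, re-enable. Note the blast radius: everything behind this WAN
# loses connectivity for the pause, not only the sessions the new rule targets.
usg_bounce() {
    host=$1; iface=$2; pause=${3:-5}
    usg_send "$host" "$iface" down || return 1
    sleep "$pause"
    usg_send "$host" "$iface" up
}

# Example invocation (dry run), e.g. from a cron job at a quiet hour:
#   USG_DRY_RUN=1 usg_bounce admin@192.0.2.1 wan1 5
```

Run it once by hand with `USG_DRY_RUN=1` to eyeball the command script, then without it from a maintenance window; the interface name check matters because the script is the kind of thing that ends up in a cron entry fed from a variable, and `wan1; reboot` must not become CLI input.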