Default route should be 0.0.0.0/0.
Also, in your policy, do you have NAT src set? Automatic NAT will only happen between trust to untrust. As this is a custom zone, you need to specify NAT src in your trust to untrust policy.
You also mentioned VLANs. Is the switch port set to access or trunk? If it is trunk, you would need to create a subinterface with the matching VLAN.