My top security rule looks like this:
The sinkhole object is defined as FQDN:
The FQDN resolves ok.
So why the heck is this traffic matching the rule?
My sinkhole rule sends an email when it's matched, so this is causing a headache.
The source IP is 0.0.0.0, which I read means that the PA thinks it's flood traffic. But still, it should not match this rule because the destination is clearly not matching.
no clue :/