I created a new FQDN address object to facilitate a new policy (rule). When tested, the FQDN resolves internal to the Palo Alto Firewall.

The rule contains:

- One destination address, which is the new company.fqdn.com FQDN
- One source address
- Application SSL with Application-Default service
- Action Allow

When attempts are made to connect to this destination via the new rule with the FQDN set (destination), the traffic is denied (fails) and logs point to (identify) the "interzone-default" rule instead of the "new rule" that is set up to facilitate this connection.

But when I replace the FQDN (destination) with its resolved IP in the new rule, it works fine (allowed) and logs point the occurrence to the "new rule" (not the interzone-default), as is to be expected since that is normal behavior.

Questions:

- Why would the interzone-default rule become a part of the failed attempt to connect to the new rule?
- Anyone know why the connection fails with the FQDN set as destination rather than its resolved IP address?
- Has anyone had a similar experience?

Thanks in advance.