The rule that you want to create does sound like the correct route to go; take a look at this KB article. It is actually for an upgrade from a previous product version, but most of it will apply.
Firewall Enterprise/Sidewinder/Secure Firewall 7.x: HA communication or NTP/DNS queries fail after upgrading from Classic/TSP to Firewall Enterprise KB64684
Note: If you create the drop rule and it is not matching the traffic, try setting a redirect for the rule. There are times when traffic with a destination of the firewall may not match a rule unless it has a redirect. If this is the case for you, then I would suggest contacting support to report that.
I will do some testing with it and see what happens.