You may want to try to do a packet capture from the paticular source ip 10.1.2.166 to the destination 169.254.196.189. THis way you will see what kind of traffic is being sent / received. once you know this you can analyze
My problem is not that the flow is blocked. The problem is that 169.254.196.189 is a non-routed IP that is given by windows when a system doesn't have an IP address configured (or cannot get a DHCP address). So, why is host 10.1.2.136 trying to send traffic to that IP?
Occasionally a device gets the 169 address (usually failed DHCP), but once it gets a valid IP it registers to DNS with the 169 address. Check your DNS table and make sure there are no 169 addresses. In this case 10.1.2.136 queries DNS to lookup the IP for SERVER1. DNS reports back 169 and it then goes out the default gateway and you see the drops. It's a long shot, but it does happen!
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...