Firewalla routing 10.0.0.0 addresses via public internet

I am using a network in my home lab using 10.60.0.0/24 and could not reach my hosts from my LAN1 network

I logged into the Firewalla and did a traceroute to my host address and got

pi@Firewalla:~ (Firewalla2) $ traceroute 10.60.0.11
traceroute to 10.60.0.11 (10.60.0.11), 30 hops max, 60 byte packets
 1  154.61.62.145 (154.61.62.145)  3.723 ms  4.011 ms  4.349 ms
 2  172.16.0.37 (172.16.0.37)  5.062 ms  5.061 ms  5.016 ms

It seems the FW is routing packets destined for a 10.0.0.0/8 network externally

Once i added a static route internally, my traceroute worked as expected

pi@Firewalla:~ (Firewalla2) $ traceroute 10.60.0.11
traceroute to 10.60.0.11 (10.60.0.11), 30 hops max, 60 byte packets
 1  172.17.1.244 (172.17.1.244)  0.450 ms  0.334 ms  0.271 ms
 2  10.40.0.1 (10.40.0.1)  6.629 ms  6.580 ms  6.520 ms
 3  10.20.0.4 (10.20.0.4)  0.143 ms  0.091 ms  0.135 ms
 4  * * *
 5  * * *

Thoughts ?