Traffic on Tier2 Gateway w/out Failover Event

pfnewb2016

Netgate 6100 running v25.07.1.
The problem was also happening on prior version.

Gateway Group in Failover mode, Packet Loss or Latency.
Starlink is Tier 2, primary ISP is Tier 1.
I am seeing significant traffic, 300k steady - 80Mbs burst, over Starlink without any failover events logged. I'm hitting our Starlink 50GB cap in 4-7 days.
There are no firewall rules that specify the Starlink GW. All fw rules either don't specify a gateway or specify the Tier 1 gateway.
Inbound WAN rules only allow traffic on the Tier1 interface so it should go out the same path it came in on.
Traffic monitor shows the gateway IP and the WAN2 interface as the source/destination.

1. How can I track down the source of the traffic?
2. What could be causing traffic in the absence of a failover event?
3. How can I prevent this?

Thank you for your help.

pfnewb2016

Also, there are 3 IPSEC tunnels on the WAN interface.