https://live.paloaltonetworks.com/t5/general-topics/pa-unable-to-drop-packets-for-scan-host-host-sweep-towards/m-p/133421#M47217 <P>Hi,</P><P>&nbsp;</P><P>Yes, it is the default behavior. The logs appear with other threat logs, but they are not configured through the profiles. You configure it in the zone protection section.</P><P>&nbsp;</P><P>Benjamin&nbsp;</P> Mon, 19 Dec 2016 02:07:48 GMT BenjAudy.MTL 2016-12-19T02:07:48Z https://live.paloaltonetworks.com/t5/general-topics/pa-unable-to-drop-packets-for-scan-host-host-sweep-towards/m-p/133413#M47216 <P>Hi</P><P>&nbsp;</P><P>Can someone clarifies if it is a default behaviour on PaloAlto to allow scan host sweep towards Internet?</P><P>&nbsp;</P><P>It is tagged as medium in Threat Prevention but the firewall unable to block it even though the profile is set to strick that block all Threats categorize from low to Critical.</P><P>&nbsp;</P><P>Thanks,</P><P>Jabuens</P> Mon, 19 Dec 2016 02:00:24 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-unable-to-drop-packets-for-scan-host-host-sweep-towards/m-p/133413#M47216 ErwinBuena 2016-12-19T02:00:24Z https://live.paloaltonetworks.com/t5/general-topics/pa-unable-to-drop-packets-for-scan-host-host-sweep-towards/m-p/133421#M47217 <P>Hi,</P><P>&nbsp;</P><P>Yes, it is the default behavior. The logs appear with other threat logs, but they are not configured through the profiles. You configure it in the zone protection section.</P><P>&nbsp;</P><P>Benjamin&nbsp;</P> Mon, 19 Dec 2016 02:07:48 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-unable-to-drop-packets-for-scan-host-host-sweep-towards/m-p/133421#M47217 BenjAudy.MTL 2016-12-19T02:07:48Z