We've been experiencing the same thing. I opened a ticket with Support and this was their initial response. "The traffic in question is targeting the MX public IP and a non used port. This traffic is indeed didn't advance. Since there is no advancement, to a two way traffic the internal blocker doesn't detect anything to block so the default value for the traffic will be marked as "allowed". "Allow" statement doesn't mean the traffic was allowed in. It is just the default value when no two-way bad traffic flow was detected. I added a Layer 7 Deny rule for the IP that was hitting us and a day or two later, we saw the same Allow status from the same IP. I questioned support about this and below is their response to that. "There is no NAT/Port forwarding Rule that will allow any income traffic to pass over to he LAN side. The traffic in questions is hitting the MX WAN side and never advanced either by a reply from the MX or by passing it over to any LAN client. Default value for such criteria is "Allowed". When adding a Layer 7 rule, it will not affect the behavior of the IDS/IPS since it is on a different category of blocking. Filter event logs using "layer 7 firewall rules". It shows no traffic detected for that newly added L7 rule to block. Which means no advancement to any LAN host. "
... View more