
Blocking UDP portscans to a particular Outside based IP

ethutchinson
Level 3

We have two FTD 1140n devices running 7.6.2.1. They are both managed by an FMCv running 7.6.2. Once the port detection/prevention setup was made more easily accessible in version 7.4.x (I think), I jumped all over it to make our organization that much more secure. When we first enabled it in detection mode to observe how it worked, we were surprised to see quite a few of our internal (inside) IP addresses scanning outside-based IP addresses. I can understand some software needing to do this for licensing, updates, etc., so I ignored it. So obviously when I turned it into prevention mode we found multiple inside IP addresses not being able to run certain software even though I had placed these interior-based subnets in the ignore scanners list. So I had to put the portscan mode back in detection mode. Most of the incoming attackers on my dashboard show they are using UDP distributed portscans. They are attacking one of my outside-based IP addresses, which is NATed to a DMZ-based address. The intrusion alert is listed as a medium priority, so it just generates an alert instead of a block. Is there a way to generate these events to cause a block instead of an alert? I can right-click and block the IPs, but I would like to get the UDP distributed portscans to this one outside IP blocking automatically.

 

Is this possible?

 

Thanks
