Can this somehow avoided with better config of Default Frontend receive connector?
It is not recommended to modify the settings of the five default receive connectors (including the Default Frontend receive connector).
I would suggest just leave it as the default setting to avoid issues.
Or rather is an security issue and communication need to be better protect for example on external firewall?
To me this may seem like probes or script attacks.
If you have found a large amount of suspicious requests from some specific ip addresses, please consider blocking these ip addresses on your firewall.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.