Configure ThreatListPro's curated VPN brute force blocklist as an External Dynamic List on your Check Point firewall. Block attackers before they reach your VPN gateway.
Check Point gateways are high-value targets for attackers. If your Remote Access VPN or Mobile Access portal is internet-facing, bots are already probing it.
Automated scanners continuously sweep the internet for exposed VPN endpoints. Once discovered, they launch credential-stuffing attacks using leaked password databases. Check Point SmartConsole logs fill with failed authentication attempts, consuming gateway resources and triggering unnecessary alerts. Without proactive blocking, it is only a matter of time before a weak or reused credential is compromised.
Check Point supports External Dynamic Lists that automatically fetch and enforce IP blocklists. ThreatListPro feeds directly into Check Point as an EDL object, blocking known VPN attackers at the gateway level before authentication even begins. No failed logins, no log noise, no wasted resources. The list updates every 60 seconds and your gateway pulls it on your configured schedule.
Add ThreatListPro as an External Dynamic List in SmartConsole. Works with Quantum, CloudGuard, and Maestro.
1. Open Check Point SmartConsole and connect to your Security Management Server. Ensure you have administrator privileges to create objects and modify security policies.
2. Sign up at threatlistpro.com and copy your unique feed URL from the dashboard: https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY
3. Navigate to Objects > More Object Types > Network Object > Dynamic Objects. Create a new EDL object, paste the ThreatListPro feed URL, and set the update interval to 60 minutes. Name it ThreatListPro_EDL for easy identification.
4. Go to Security Policies > Access Control. Add a new rule: set Source to your EDL object, Destination to your VPN gateway, Action to Drop, and Track to Log. Place this rule above your VPN access rules for priority enforcement.
5. Click Install Policy to push the changes to your gateway. Verify blocked connections in Logs & Monitor > Logs by filtering for the ThreatListPro_EDL source object.
See how a VPN-focused blocklist compares to other approaches for protecting your Check Point gateway.
| Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds |
|---|---|---|---|
| VPN brute-force focused | ✓ | ✗ | ✗ |
| Real-time updates (60s) | ✓ | ✗ | ✓ |
| Check Point EDL compatible | ✓ | ✗ | ✓ |
| Automatic stale IP removal | ✓ | ✗ | ✓ |
| Setup in under 5 minutes | ✓ | ✗ | ✗ |
| Price | $9.99/mo | Staff time | $500+/mo |
In Check Point SmartConsole, navigate to Objects > More Object Types > Network Object > Dynamic Objects. Create a new EDL object, give it a descriptive name, paste your ThreatListPro feed URL, and set the update interval to 60 minutes. Then reference this object in your Access Control policy rules.
Yes. ThreatListPro works with all Check Point platforms including CloudGuard, Quantum, and Maestro. Any Check Point gateway that supports External Dynamic Lists can consume the ThreatListPro feed. The setup steps are the same across all platforms via SmartConsole.
ThreatListPro uses a plain text format with one IP address or CIDR range per line. This is fully compatible with Check Point's External Dynamic List format. No conversion or reformatting is needed — simply paste the feed URL into your EDL object configuration.
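Because the feed is one IP address or CIDR range per line and is enforced by a Drop rule placed above the VPN access rules, it is worth auditing the feed body for entries that would block your own users. The following Python check is an added example, not ThreatListPro or Check Point code; the protected ranges, the /16 threshold and the sample feed are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks the Drop rule must never match (internal ranges plus a
# constructed office egress range); replace with your own.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.0/24")]
MIN_PREFIX_V4 = 16  # Assumption: an IPv4 entry broader than /16 needs human review

# Constructed sample feed body, one IP address or CIDR range per line.
SAMPLE_FEED = """203.0.113.7
203.0.113.64/26

192.0.2.300
192.0.2.1/24
0.0.0.0/0
198.51.100.23
10.1.2.3
2001:db8::/48
"""

def audit_feed(text, protected=PROTECTED, min_prefix_v4=MIN_PREFIX_V4):
    """Split a feed body into accepted networks and (line, entry, reason) findings."""
    accepted, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines carry no entry
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 192.0.2.1/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            findings.append((lineno, entry, "malformed"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix_v4:
            findings.append((lineno, entry, "too-broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            findings.append((lineno, entry, "overlaps-protected"))
        else:
            accepted.append(net)
    return accepted, findings

if __name__ == "__main__":
    ok, problems = audit_feed(SAMPLE_FEED)
    print(f"{len(ok)} entries accepted, {len(problems)} need review")
    for lineno, entry, reason in problems:
        print(f"  line {lineno}: {entry!r} -> {reason}")
```

Run it against the body fetched from your own feed URL and review any findings before installing the policy.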
Add ThreatListPro as an External Dynamic List for automated VPN brute force protection.
ThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.