Protect your Cisco ASA and Firepower VPN endpoints from brute force attacks with ThreatListPro's real-time IP blocklist. Works with FMC Security Intelligence, TID, and standalone ASA ACLs.
Start Blocking Attacks -- $9.99/moCisco AnyConnect VPN is the most widely deployed enterprise VPN client in the world, making it a top target for credential-stuffing and brute force attacks.
Cisco ASA and FTD appliances running AnyConnect are attacked millions of times daily. Attackers use automated tools to cycle through stolen credential lists against the HTTPS-based login portal. Each attempt consumes CPU, memory, and VPN session resources on the ASA. Large-scale attacks can degrade VPN performance for legitimate users.
ThreatListPro blocks known VPN attackers before they reach the AnyConnect portal. Using FMC's Security Intelligence feature or ASA ACLs, the blocklist drops traffic from attacker IPs at the network layer. No TLS negotiation, no XML login page served, no DAP evaluation -- the connection is silently dropped.
Choose the method that matches your deployment: FMC-managed FTD or standalone ASA.
Sign up at threatlistpro.com and copy your unique feed URL from the dashboard:https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY
In Firepower Management Center, navigate to Intelligence > Sources > Collections. Click Add URL, paste your ThreatListPro feed URL, and set the update interval to 5 minutes. Then go to Policies > Access Control, click the Security Intelligence tab, and add the ThreatListPro source to the Block List for Network objects. Deploy to your FTD devices.
For standalone ASA without FMC, use a scheduled script to download the ThreatListPro feed and push it as a network object group via the ASA REST API:POST /api/objects/networkobjectgroups
Reference the object group in an ACL applied to your outside interface:access-list outside_in deny ip object-group ThreatListPro any
If using FMC with TID enabled, navigate to Intelligence > Sources and add ThreatListPro as a flat file source with URL download. TID will automatically create observables and publish indicators to all managed sensors for blocking.
In FMC, check Analysis > Connection Events and filter by Security Intelligence action. For standalone ASA, review syslog messages with IDs 106023 (ACL deny) to confirm blocks. You should see traffic from ThreatListPro IPs being denied.
Compare automated VPN-focused blocking against other approaches for your Cisco environment.
| Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds |
|---|---|---|---|
| VPN brute-force focused | ✓ | ✗ | ✗ |
| Real-time updates (60s) | ✓ | ✗ | ✓ |
| FMC Security Intelligence compatible | ✓ | ✗ | ✓ |
| Standalone ASA support | ✓ | ✓ | ✗ |
| Setup in under 5 minutes | ✓ | ✗ | ✗ |
| Price | $9.99/mo | Staff time | $500+/mo |
On Cisco FTD managed by FMC, use the Threat Intelligence Director (TID) to subscribe to ThreatListPro's feed or plaintext IP list. On standalone ASA, use a script to download the blocklist and push it as a network object group via the ASA REST API, then reference it in an ACL applied to the outside interface.
Yes. ThreatListPro blocks known brute force attacker IPs at the firewall level, before the AnyConnect SSL/TLS handshake occurs. This means attackers cannot reach the AnyConnect login page, attempt credentials, or consume ASA resources with failed authentication attempts.
Yes. In FMC, navigate to Intelligence > Sources and add ThreatListPro as a flat file or URL-based source. FMC will download the list and distribute it to all managed FTD devices. You can also use Security Intelligence policies to apply the blocklist as a blacklist for incoming connections.
Block brute force bots at the network layer. Works with ASA, FTD, and FMC.
Get ThreatListPro -- $9.99/moThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.
Learn more about IP blocklists, VPN security, and how ThreatListPro compares to alternatives.