Automatically block known VPN attackers on your SonicWall firewall with ThreatListPro's real-time IP blocklist. Protect SSL-VPN and Global VPN Client endpoints.
Start Blocking Attacks -- $9.99/moSonicWall SSL-VPN and Global VPN Client endpoints are heavily targeted by automated brute force bots. Recent CVEs have made SonicWall a top priority for attackers.
SonicWall firewalls are widely deployed in SMB environments. SSL-VPN portals are accessible on public IPs and easily fingerprinted by scanners. High-profile vulnerabilities in SonicOS have put SonicWall on every attacker's target list. Even fully patched units face relentless credential-stuffing campaigns from botnets using leaked password databases.
ThreatListPro maintains a continuously updated blocklist of IPs observed attacking VPN endpoints worldwide. By importing this list into your SonicWall as an address group and applying a deny rule, you block attackers at the network layer before they can reach your VPN portal. No TLS handshake, no login page, no resource consumption.
Configure ThreatListPro as a dynamic address group in SonicOS using the Botnet Filter or API-based sync.
Sign up at threatlistpro.com and copy your unique feed URL from the dashboard:https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY
In SonicOS, navigate to Security Services > Botnet Filter. Enable the Botnet Filter feature. Under Dynamic Blocklist, add your ThreatListPro feed URL as a custom blocklist source. Set the download interval to the minimum available.
If you prefer granular control, go to Object > Address Objects and create address objects for the blocklist. Use the SonicOS API to automate synchronization:PUT /api/sonicos/address-objects/ipv4
A simple script can pull from ThreatListPro and push to SonicOS every 5 minutes.
Go to Policy > Rules and Policies > Access Rules. Create a new rule: source zone WAN, source address set to your ThreatListPro address group, destination Any (or your VPN interface), action Deny. Place this rule at the top of your WAN-to-WAN or WAN-to-LAN policy.
Navigate to Investigate > Logs and filter for dropped connections. You should see entries matching the ThreatListPro address group. Check Security Services > Botnet Filter > Statistics for a summary of blocked connections.
Compare automated VPN-focused blocking against other approaches for protecting your SonicWall firewall.
| Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds |
|---|---|---|---|
| VPN brute-force focused | ✓ | ✗ | ✗ |
| Real-time updates (60s) | ✓ | ✗ | ✓ |
| SonicOS Botnet Filter compatible | ✓ | ✗ | ✓ |
| No scripting or automation needed | ✓ | ✗ | ✓ |
| Setup in under 5 minutes | ✓ | ✗ | ✗ |
| Price | $9.99/mo | Staff time | $500+/mo |
SonicWall supports dynamic address objects via the Botnet Filter and custom blocklist features. You can add ThreatListPro's feed URL as a dynamic group in Object > Address Objects, or use the SonicOS API to synchronize the blocklist. Create an access rule referencing the address group to deny inbound traffic from those IPs.
Yes. ThreatListPro is compatible with all SonicWall models running SonicOS 6.x and 7.x, including Gen 7 TZ, NSa, and NSsp series. The feed is a standard plaintext IP list that can be consumed via dynamic address objects or API-based synchronization.
Yes. ThreatListPro blocks known brute force attacker IPs at the firewall level, which protects all services including SSL-VPN portal, Global VPN Client (IPsec), and any other management interfaces. The block occurs before the attacker can initiate a VPN handshake.
Stop brute force bots with an automated blocklist. No scripting required.
Get ThreatListPro -- $9.99/moThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.
Learn more about IP blocklists, VPN security, and how ThreatListPro compares to alternatives.