Add ThreatListPro's VPN brute force blocklist to your WatchGuard Firebox using Blocked Sites with an external feed URL. Automatically block attackers before they reach your VPN portal.
Start Blocking Attacks -- $9.99/moWatchGuard Firebox appliances are widely deployed in SMB and enterprise environments. If your Mobile VPN or IKEv2 port is exposed to the internet, bots are already probing it.
Automated scanners continuously sweep the internet for open VPN ports. Once found, they launch credential-stuffing attacks using leaked password databases. Your Firebox logs fill with failed authentication attempts from Mobile VPN with SSL, IKEv2, and L2TP connections, consuming resources and creating noise. Without proactive blocking, it is only a matter of time before a weak or reused credential is guessed.
WatchGuard's Blocked Sites feature supports external feed URLs, allowing your Firebox to automatically download and enforce IP blocklists. ThreatListPro feeds directly into Blocked Sites as an external threat feed, blocking known VPN attackers at the firewall level. No failed logins, no log noise, no wasted resources. The list updates every 60 seconds and your Firebox pulls it on your configured schedule.
Add ThreatListPro as an external feed URL in WatchGuard Blocked Sites. Works with Firebox hardware, FireboxV, and WatchGuard Cloud.
Log in to your WatchGuard Firebox via Fireware Web UI at https://<firebox-ip>:8080 or connect through WatchGuard System Manager.
Sign up at threatlistpro.com and copy your unique feed URL from the dashboard:https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY
Navigate to Firewall > Blocked Sites. Click Add and select Feed URL. Paste the ThreatListPro URL and set the update interval to 60 minutes. Click Save to apply the configuration.
Enable logging for blocked site connections under Logging & Notification. This lets you track blocked VPN brute force attempts in Traffic Monitor and review them in Log Manager or WatchGuard Dimension.
Check Traffic Monitor or Log Manager to confirm that IPs from ThreatListPro are being blocked. Look for denied connections matching IPs on the blocklist. You can also check Blocked Sites to verify the feed URL status shows as active.
See how a VPN-focused blocklist compares to other approaches for protecting your WatchGuard Firebox.
| Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds |
|---|---|---|---|
| VPN brute-force focused | ✓ | ✗ | ✗ |
| Real-time updates (60s) | ✓ | ✗ | ✓ |
| WatchGuard Blocked Sites compatible | ✓ | ✗ | ✓ |
| Automatic stale IP removal | ✓ | ✗ | ✓ |
| Setup in under 5 minutes | ✓ | ✗ | ✗ |
| Price | $9.99/mo | Staff time | $500+/mo |
In the Fireware Web UI, navigate to Firewall > Blocked Sites and click Add. Select Feed URL as the type, paste your ThreatListPro feed URL, and set the update interval to 60 minutes. The Firebox will automatically download and enforce the blocklist on the configured schedule.
Yes. ThreatListPro is compatible with WatchGuard Firebox hardware appliances, FireboxV virtual appliances, and WatchGuard Cloud-managed devices. Any Firebox running Fireware 12.x or later that supports Blocked Sites feed URLs can use ThreatListPro.
Fireware 12.x and later support external feed URLs in the Blocked Sites configuration. If you are running an older firmware version, upgrade to Fireware 12.x or later to use ThreatListPro's external feed URL feature.
Add ThreatListPro's external feed to Blocked Sites for automated VPN brute force protection.
Get ThreatListPro -- $9.99/moThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.
Learn more about IP blocklists, VPN security, and how ThreatListPro compares to alternatives.