← Back to integrations
FIREWALL
Checkpoint
Trusteed integrates with Checkpoint firewalls to sync dynamic blocklists, blocking malicious IPs and reducing noise in real time
Prerequisites
- A Checkpoint gateway or firewall that supports IOC (Indicators of Compromise) feeds.
- A Trusteed account with access to the blocklist feed.
Setup Steps
- Log in to your Trusteed Console.
- Navigate to Integrations → Firewalls → Checkpoint.
- Click Connect under the Checkpoint logo and create a unique integration name.
- Copy the credentials (displayed once) — these will be needed in Checkpoint.
- In Checkpoint, open Gateways and Servers, double-click your gateway, and enable Threat Prevention (Custom).
- Go to Security Policies → New IOC Feed.
- Add your Trusteed feed URL in the following format:
https://<username>:<password>@api.trusteed.io/v1/integrations/<integration_id>/content
- Test the feed and save your configuration.
Blocklist Format Example
Trusteed delivers the feed in Checkpoint IOC format:
TrusteedFeed,192.168.38.187,IP,high,high,FW,Known attacker IP
TrusteedFeed,192.168.38.188,IP,high,high,FW,Known attacker IP
Format:UNIQUE-NAME , VALUE , TYPE , CONFIDENCE , SEVERITY , PRODUCT , COMMENT
Outcome
- Malicious IPs automatically blocked at the gateway.
- SOC and SIEM pipelines see fewer false positives.
- Analysts save time, while targeted attacks are contained at the perimeter.
Next Steps
- Browse Trusteed’s Blocklist Catalog to subscribe to additional feeds.
- Extend protection by combining Checkpoint enforcement with SIEM/SOAR logging.
- Automate response workflows with Trusteed’s enriched intelligence.