← Back to integrations
FIREWALL

Checkpoint

Trusteed integrates with Checkpoint firewalls to sync dynamic blocklists, blocking malicious IPs and reducing noise in real time

Prerequisites

  • A Checkpoint gateway or firewall that supports IOC (Indicators of Compromise) feeds.
  • A Trusteed account with access to the blocklist feed.

Setup Steps

  1. Log in to your Trusteed Console.
  2. Navigate to Integrations → Firewalls → Checkpoint.
  3. Click Connect under the Checkpoint logo and create a unique integration name.
  4. Copy the credentials (displayed once) — these will be needed in Checkpoint.
  5. In Checkpoint, open Gateways and Servers, double-click your gateway, and enable Threat Prevention (Custom).
  6. Go to Security Policies → New IOC Feed.
  7. Add your Trusteed feed URL in the following format:

https://<username>:<password>@api.trusteed.io/v1/integrations/<integration_id>/content

  1. Test the feed and save your configuration.

Blocklist Format Example

Trusteed delivers the feed in Checkpoint IOC format:

TrusteedFeed,192.168.38.187,IP,high,high,FW,Known attacker IP
TrusteedFeed,192.168.38.188,IP,high,high,FW,Known attacker IP

Format:
UNIQUE-NAME , VALUE , TYPE , CONFIDENCE , SEVERITY , PRODUCT , COMMENT

Outcome

  • Malicious IPs automatically blocked at the gateway.
  • SOC and SIEM pipelines see fewer false positives.
  • Analysts save time, while targeted attacks are contained at the perimeter.

Next Steps

  • Browse Trusteed’s Blocklist Catalog to subscribe to additional feeds.
  • Extend protection by combining Checkpoint enforcement with SIEM/SOAR logging.
  • Automate response workflows with Trusteed’s enriched intelligence.