← Back to integrations
FIREWALL

f5

Trusteed integrates with F5 devices to sync dynamic blocklists, blocking attacker IPs and protecting applications at the edge in real time.

Prerequisites

  • An F5 device that supports ingestion of external blocklists.
  • A Trusteed account with access to the blocklist feed.

Setup Steps

  1. Log in to your Trusteed Console.
  2. Navigate to Integrations → Firewalls → F5.
  3. Click Connect under the F5 logo and assign a unique integration name.
  4. Copy the credentials (displayed once) for configuring your F5 device.
  5. In your F5 management console, add a new blocklist feed.
  6. Enter the Trusteed feed URL in this format:

https://<username>:<password>@api.trusteed.io/v1/integrations/<integration_id>/content

  1. Save and activate the feed.

Blocklist Format Example

Trusteed provides the feed in F5 format, one entry per line:

192.168.38.187,32,BL,trusteed-myF5Integration
192.168.38.188,32,BL,trusteed-myF5Integration

Format: IP , Mask , WL/BL , Category

Outcome

  • Known attacker IPs automatically blocked at the F5 firewall.
  • SOC and SIEM pipelines see fewer false positives.
  • Applications remain protected against targeted attacks with minimal analyst effort.

Next Steps

  • Explore Trusteed’s Blocklist Catalog to subscribe to additional feeds.
  • Combine F5 enforcement with SIEM/SOAR logging for full-stack visibility.
  • Automate workflows by chaining Trusteed enrichment with your remediation playbooks.