← Back to integrations
FIREWALL
f5
Trusteed integrates with F5 devices to sync dynamic blocklists, blocking attacker IPs and protecting applications at the edge in real time.
Prerequisites
- An F5 device that supports ingestion of external blocklists.
- A Trusteed account with access to the blocklist feed.
Setup Steps
- Log in to your Trusteed Console.
- Navigate to Integrations → Firewalls → F5.
- Click Connect under the F5 logo and assign a unique integration name.
- Copy the credentials (displayed once) for configuring your F5 device.
- In your F5 management console, add a new blocklist feed.
- Enter the Trusteed feed URL in this format:
https://<username>:<password>@api.trusteed.io/v1/integrations/<integration_id>/content
- Save and activate the feed.
Blocklist Format Example
Trusteed provides the feed in F5 format, one entry per line:
192.168.38.187,32,BL,trusteed-myF5Integration
192.168.38.188,32,BL,trusteed-myF5Integration
Format: IP , Mask , WL/BL , Category
Outcome
- Known attacker IPs automatically blocked at the F5 firewall.
- SOC and SIEM pipelines see fewer false positives.
- Applications remain protected against targeted attacks with minimal analyst effort.
Next Steps
- Explore Trusteed’s Blocklist Catalog to subscribe to additional feeds.
- Combine F5 enforcement with SIEM/SOAR logging for full-stack visibility.
- Automate workflows by chaining Trusteed enrichment with your remediation playbooks.