Admin Guide

Knocknoc use cases Knocknoc is extremely versatile and can enable just in time network access co...

Use Case: Eliminating SSH Attack Surface in a Distributed Environment A large distributed enterp...

Protect your existing Fortigate or Palo investments from direct internet exposure by introducing ...

Use Case: Removing VPN Ransomware Risk from Stolen Credentials A mid-size business relied on Int...

Use Case: Dynamic Just-in-Time IP Restrictions for High-Security Subnet A critical infrastructur...

Use Case: Trusted partners secure access to web application A financial services provider relied...

There are various options for protecting your web application using Knocknoc Local Linux firew...

A small business sought a cost-effective, secure remote access solution for their remote desktop ...

An IT managed services provider maintained multiple Fortinet firewalls on behalf of customers, of...

Ivanti Connect Secure devices that have an outer firewall or control layer can be protected from ...

Streaming low-latency video is a challenge for firewalls and VPNs, and Knocknoc is an excellent s...

Having roaming users be able to use a handset from home, and protect your PABX from brute force a...

Knocknoc ships with a script for updating security groups in AWS. Checkout the backend documentat...

Azure Portal or specific Azure services can be further protected through the use of the Knocknoc ...

Knocknoc licensing and pricing can be found on the Knocknoc website. Once you have obtained your...

For the admin who knows what they need and needs a fast way to get it, you can use this command t...

For the admin who know what they need, and needs a fast way to get it, you can use this command t...

The Knocker utility is a command-line tool for managing various backends with ease. It provides c...

User creation varies depending on the authentication source in use. Local users will need to be c...

Groups in Knocknoc map users to Knocs. Users can be assigned to multiple groups, to create a grou...

Admins in Knocknoc can login to /admin on their Knocknoc server, however they can't be granted AC...

The Settings in Knocknoc allows you to configure some of the basic setup like authentication sour...

The Knocknoc software is managed by your operating system, as such updates can be managed within ...

Knocknoc supports local users in addition to SAML/LDAP. Simply add a user, with a username and p...

SAML is an in-depth topic, however it represents the best option for securing users, and providin...

An overview of SAML principles and key terms to help you effectively configure and manage SAML wi...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Where...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Where...

Gsuite can be setup as an Identity Provider if you have Gsuite Business Startter or above plan. ...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Where...

SAML for the admin interface is the same as SAML for the user base with a few very small alterati...

Keycloak supports multiple authentication realms, so you must first select the appropriate realm ...

CyberArk integrates with Knocknoc via the "Web Apps" component, passing through SAML assertions. ...

In this example our Authentik instance is hosted at https://auth.example.com/ and is running vers...

The following example assumes your Knocknoc instance is located at https://your-knocknoc.cloud/. ...

Knocknoc can authenticate users to an LDAP server like Active Directory, by attempting to bind as...

IPsets are a powerful and highly efficient way of making a dynamic firewall on a normal Linux mac...

The  FortiOS integration allows Knocknoc to dynamically add and remove user's source IP from a na...

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive inte...

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive inte...

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server ...

Overview This integration is designed to manage named locations in Microsoft Azure Conditional A...

HAProxy is a fantastic reverse proxy with a massive amount of features. Knocknoc has supported HA...

This is an example that lets you use UFW (https://wiki.ubuntu.com/UncomplicatedFirewall) and IPse...

This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dyn...

The "Custom Script" Knoc type is simply a script the agent can execute that takes a fixed set of ...

Knocknoc can easily connect to AWS using common utilities and IAM credentials, and update the all...

Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a cus...

The scripting backend can be used for MikroTik RouterOS config updates as well. Here is a sample ...

Nginx support via script was added in knocknoc-agent version 1.0.30. This allows for flexible ACL...

Apache 2.4 and above have slightly different ACL syntax, so this page covers how you can use Knoc...

For additional security and temporal access control, Knoc's support a "click to grant" and "click...

Capturing additional client IP addresses A client may exhibit behaviour where multiple IP addres...

NTP It's important that ALL the servers within the Knocknoc cluster and agents are synchronised ...

The Knocknoc server will need to be able to contact your LDAP server on port 389 or 636. This is ...

Running Knocknoc behind HAProxy could be a great option for people with existing HAProxy deployme...

Checking to see if an ACL is present in HAProxy For when you aren't sure if the whole process is...

Knocknoc keeps a track of the IPs and tries to be kind to users that share IPs. This means that i...