Knocs (backends)

Knocs, or backends, are systems that the Knocknoc Agent can orchestrate. Select a backend that suits your use case. If you need one that isn't on the list, please let us know, as we're expanding these all the time.

Allowlist (EDLs)

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server ...

IPSet (Linux Netfilter/IPTables)

Linux comes equipped with a built-in native firewall which Knocknoc orchestrates via "IPSets". IP...

Windows Firewall

Microsoft Windows comes equipped with a built-in native firewall which Knocknoc orchestrates to p...

Fortinet

Knocknoc orchestrates Fortinet FortiGate firewalls - directly or via FortiManager - to dynamicall...

Palo Alto

Knocknoc integrates with Palo Alto firewalls and the Panorama management system to dynamically gr...

Cisco (SFMC/Firepower)

The Cisco Secure Firewall Management Console (formerly known as Firepower) integration allows Kn...

SonicWall

The SonicWall can be orchestrated in three ways: Actively (API call from an Orchestration Agent t...

Sophos (SFOS/XGS)

The Sophos SFOS/XGS based devices provide advanced firewall and UTM capabilities. This replaces t...

Sophos (UTM)

The Sophos UTM device provides firewall and UTM capabilities. Note that this series of devices is...

FortiManager

The FortiManager is used to manage multiple Fortinet devices, including FortiGate firewalls, APs,...

Juniper SRX

Passive, Active or a combination Passive - Knocknoc's Allowlist feature provides a passive integr...

Knocknoc Reverse Proxy

The Knocknoc orchestration Agent - which is deployed alongside managed infrastructure (not on des...

HAProxy

HAProxy is a fantastic reverse proxy with a massive amount of features. Knocknoc has supported HA...

Google Cloud Platform (GCP)

Knocknoc integrates with Google Cloud Platform to dynamically control network access via VPC Fire...

HAProxy + KAT

Sometimes IP address restrictions or IP-based allowlisting is not enough, think: airport lounge, ...

Microsoft Entra

Overview This integration is designed to manage named locations in Microsoft Azure Conditional Ac...

Microsoft Azure NSG

Overview This integration allows for IP addresses to be dynamically managed within Azure Network ...

AWS (EC2) Security Groups

Knocknoc can orchestrate Amazon AWS Security Groups, which essentially provide network level fire...

AWS WAF Ipset

Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a cus...

Cloudflare IP lists

Knocknoc can orchestrate Cloudflare IP lists to provide dynamic IP network allowlisting inbound t...

DigitalOcean Firewalls

Knocknoc can orchestrate DigitalOcean Cloud Firewalls to provide dynamic IP network allowlisting ...

IPsets with UFW

This is an example that lets you use UFW (https://wiki.ubuntu.com/UncomplicatedFirewall) and IPse...

IPsets with Shorewall

This is an example that lets you use Shorewall (https://shorewall.org/index.html) and IPsets to dyn...

Mikrotik RouterOS

The scripting backend can be used for MikroTik RouterOS config updates as well. Here is a sample ...

Nginx

Nginx support via script was added in knocknoc-agent version 1.0.30. This allows for flexible ACL...

Apache Webserver

Apache 2.4 and above have slightly different ACL syntax, so this page covers how you can use Knoc...

Custom Script

The "Custom Script" Knoc type is simply a script the agent can execute directly on the Agent mach...