Skip to main content

Knocs (backends)

Knocs or backends, are systems that the Knocknoc Agent can orchestrate. Select a backend that suits your use case. If you need one that isn't on the list, please let us know as we're expanding these all the time.

Allowlist (EDLs)

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server ...

IPSet (Linux Netfilter/IPTables)

Linux comes equipped with a built-in native firewall which Knocknoc orchestrates via "IPSets". IP...

Windows Firewall

Microsoft Windows comes equipped with a built-in native firewall which Knocknoc orchestrates to p...

Fortigate Address Groups (Fortinet)

The  FortiOS integration allows Knocknoc to dynamically add and remove user's source IP from a na...

Palo Alto

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive inte...

Cisco (SFMC/Firepower)

The  Cisco Secure Firewall Management Console (formerly known as Firepower) integration allows Kn...

Sonicwall

The Sonicwall can be orchestrated in three ways, Actively (API call from an Orchestration Agent t...

Sophos (SFOS/XGS)

The Sophos SFOS/XGS based devices provide advance firewall and UTM capabilities. This replaces th...

Sophos (UTM)

The Sophos UTM device provides firewall and UTM capabilities. Note that this series of devices ar...

FortiManager

The FortiManager is used to manage multiple Fortinet devices, including Fortigate firewalls, APs,...

Juniper SRX

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive inte...

Knocknoc Reverse Proxy

The Knocknoc orchestration Agent - which is deployed alongside managed infrastructure (not on des...

HAProxy

HAProxy is a fantastic reverse proxy with a massive amount of features. Knocknoc has supported HA...

HAProxy + KAT

Sometimes IP address restrictions or IP-based allowlisting is not enough, think: airport lounge, ...

Microsoft Entra

Overview This integration is designed to manage named locations in Microsoft Azure Conditional A...

Microsoft Azure NSG

Overview This integration allows for IP addresses to be dynamically managed within Azure Network...

AWS (EC2) Security Groups

Knocknoc can orchestrate Amazon AWS Security Groups, which essentially provide network level fire...

AWS WAF Ipset

Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a cus...

Cloudflare IP lists

Knocknoc can orchestrate Cloudflare IP lists to provide dynamic IP network allowlisting inbound t...

IPsets with UFW

This is an example that lets you use UFW (https://wiki.ubuntu.com/UncomplicatedFirewall) and IPse...

IPsets with Shorewall

This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dyn...

Mikrotik RouterOS

The scripting backend can be used for MikroTik RouterOS config updates as well. Here is a sample ...

Nginx

Nginx support via script was added in knocknoc-agent version 1.0.30. This allows for flexible ACL...

Apache Webserver

Apache 2.4 and above have slightly different ACL syntax, so this page covers how you can use Knoc...

Custom Script

The "Custom Script" Knoc type is simply a script the agent can execute directly on the Agent mach...
Back to top