
Additional client IP addresses

Capturing additional client IP addresses

A client may exhibit behaviour where multiple IP addresses are (or may be) observed as part of the authentication request, in situations such as:

  • Internal IP addresses (eg: 10.0.x.x / RFC1918), should the Server (or MYIP component) be internally hosted.
  • Round-robin IP address assignment, as part of CGNat masquerading for stateless protocols.
  • Varying source/client IP addresses for stateful (eg: SSH, RDP) protocols versus stateless (eg: HTTP/HTTPS) or ports such as 443/tcp.

Another example may be where a Knocknoc Server is hosted and accessible for some users via an internal (eg: RFC1918, 192.168.x) IP address, but you want certain ACLs to additionally receive the external IP address for the same user.

Alternatively you may cloud/externally host the Knocknoc server, but still want to capture internal IP addresses for internal grants. 


Knocknoc has support for this within the ACL structure via the "Include additional IP addresses" option; however, it must first be enabled in the Admin Settings page. The Admin setting must be enabled to collect any additional IP address information from the client user after they have logged in.


The additional IP addresses observed can then be added to the grant list, but only if the option is enabled on that ACL. This allows you to expand the IP addresses for a particular ACL only.

You can develop and host your own component that fits the expected IP address response, eg: a Microsoft .Net, Java or Node/Go/PHP microservice/function, and configure Knocknoc to use this to capture the relevant IP addresses in the parts of your organisation that matter. Get in touch to talk to us about this option.