Allowlist
The Allowlist backend makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL, without the need for a Knocknoc agent to be deployed. Within firewalls this is sometimes known as an "External Dynamic List" feature.
Common Use Cases
- Palo Alto External Dynamic Lists (EDL)
- Fortinet External Connectors
- F5 BigIP devices (IP intelligence)
- Custom web applications
Usage
- Log into your Knocknoc admin UI at /admin
- Click on API keys and add a key with scope allowlists.read
- Click on backends and add a backend of type "Allowlist"
- Click on ACLs and add an ACL and select your new allowlist backend
- Copy the provided URL. This is where your allowlist grants will be published.
- When fetching the URL, use HTTP basic authentication with:
  - username: apikey
  - password: <the API key secret captured from the Admin portal>
An example ACL will appear as below; click the copy icon to get the URI. This is then inserted into your firewall in the appropriate policy/external-list section, with polling configured to an aggressive interval, e.g. 1 minute.
Pros
- Any device that can poll for a list of IP addresses can integrate with Knocknoc, which makes this a good solution for unidirectional network environments or assets deep in an organisation.
- Does not require a Knocknoc agent to be installed.
- Provides an additional option for custom integrations.
Cons
- Knocknoc cannot know if/when grants are applied on the target system, therefore less feedback is provided to users.
- Polling is typically time-based rather than event-based, so a user may be left waiting for access after logging in, depending on the poll interval supported by the infrastructure or appliance.
- Since Knocknoc only publishes the active allowlist, the client must implement revocation/deny.
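The Usage steps above describe the fetch (HTTP basic auth, username apikey, password the key secret), and the last Con notes that only active grants are published, so the polling client must derive revocations itself. The following poller is an added example, not Knocknoc's own code: it assumes the published list is plain text with one IP address or CIDR per line (the usual external-list convention), and the URL is a placeholder.

```python
"""Poll a Knocknoc Allowlist URL and turn it into add/revoke actions.

Added example, not Knocknoc's code. Assumptions: the list body is plain text,
one IPv4/IPv6 address or CIDR per line; ALLOWLIST_URL is a placeholder.
"""
import base64
import ipaddress
import urllib.request

ALLOWLIST_URL = "https://knocknoc.example.invalid/PLACEHOLDER-ALLOWLIST-URI"


def parse_allowlist(body: str) -> set[str]:
    """Return the set of valid networks in the list; skip blanks, comments and junk."""
    grants = set()
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()   # tolerate trailing comments
        if not line:
            continue
        try:
            # strict=False: a host entry such as 10.0.0.5/24 still parses
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # never push an unparsable entry into a firewall policy
        grants.add(str(net))
    return grants


def diff_grants(previous: set[str], current: set[str]) -> tuple[set[str], set[str]]:
    """Only active grants are published, so revocations = previous - current."""
    return current - previous, previous - current


def fetch_allowlist(url: str, api_key: str, timeout: float = 5.0) -> set[str]:
    """Fetch the list using HTTP basic auth (username 'apikey', password = key secret)."""
    token = base64.b64encode(f"apikey:{api_key}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_allowlist(resp.read().decode("utf-8"))


def poll_once(previous: set[str], url: str, api_key: str):
    """One poll cycle: returns (added, revoked, current). A failed fetch raises,
    so the caller decides what to do rather than mistaking an error for an empty list."""
    current = fetch_allowlist(url, api_key)
    added, revoked = diff_grants(previous, current)
    return added, revoked, current
```

Run `poll_once` on each timer tick, apply `added` to the allow rule and remove `revoked`, then keep `current` as the next `previous`.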
See below for how these can be incorporated into major vendors via external lists:
- Fortigate (Fortinet): https://docs.fortinet.com/document/fortigate/6.2.0/new-features/625349/external-block-list-threat-feed-policy
- PAN OS (Palo Alto): https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/external-dynamic-list and https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/configure-the-firewall-to-access-an-external-dynamic-list
- PfSense: https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
- Sonicwall: https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280
- Checkpoint: https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-network-feed~v2%20
Other platforms are supported; however, talk to us about our native/API integrations, as these offer many benefits over the time-based polling approach.
The Allowlist backend is available in Knocknoc v6.0.0.