
Allowlist (EDLs)

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL, without the need for a Knocknoc agent to be deployed. This is sometimes known as the "External Dynamic List" (EDL) feature within firewalls.

Devices supporting EDLs (+ many others)

  • Palo Alto External Dynamic Lists (EDL)
  • Fortinet External Connectors
  • Juniper SRX, SonicWall
  • F5 BigIP devices (IP intelligence)
  • PfSense, many others
  • Custom web applications, scripts, git-foo implementations, etc

Overall process

  1. Configure the Knocknoc Server: Set up a Passive Knoc.
  2. EDL Configuration: Configure the device to point the EDL to the Knocknoc distribution server.
  3. Security Policy Rule: Create a policy referencing the dynamic address and other relevant parameters to suit your intended firewall policy.

Knoc configuration

Create a Knoc under Firewalls/Appliances. Select Passive. Note that no Agent is required for this configuration as the Server is publishing/hosting the Allowlist.

[Screenshot omitted: Screenshot 2025-04-10 at 15.26.51.png]

Set an API key name, and define any IP allowlisting restrictions on use of the API key. Naturally we recommend removing the "entire Internet" rules.

[Screenshot omitted: Screenshot 2025-04-10 at 15.39.08.png]

Be mindful of the IP address restrictions: by default the key can be used from the entire IPv4/IPv6 Internet.

Copy the API key/token that is displayed; you will not be able to recover it after it has been shown.

[Screenshot omitted: Screenshot 2025-04-10 at 15.40.48.png]

Copy the API key and store this for future use.

You now need the unique, randomly generated URI that is published per Knoc, so it can be added to the consuming firewall/system.

Copy/paste the URL from the relevant Knoc.

[Screenshot omitted: Screenshot 2025-04-10 at 15.41.26.png]

You can also see the URI for this Passive Allowlist/EDL by clicking on the Knoc:

[Screenshot omitted: Screenshot 2025-04-10 at 15.42.07.png]

You can test the EDL, including authentication, using curl as below:

curl https://demo.knocknoc.io/api/v1/allowlists/XXX -u apikey:secrettoken
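For a custom integration (a script or web application consuming the list), the practical concern is validating what the EDL returns before handing it to a firewall, and not wiping the allowlist when a poll fails. The following poller is an added example, not Knocknoc's own code. It assumes the endpoint returns one IPv4/IPv6 address or CIDR per line (the usual EDL text format, with blank lines and `#` comments ignored) and authenticates with HTTP basic auth as `apikey:token`, matching the curl test above; the sample body and the URL placeholder are constructed.

```python
"""Poll a Knocknoc passive allowlist (EDL), validate it, and audit changes.

Added example, not Knocknoc's own code. Assumptions (not confirmed by the page):
- the EDL body is one IP address or CIDR per line; '#' starts a comment;
- basic auth with user 'apikey' and the API token as the password,
  as in the page's curl test.
"""
import base64
import ipaddress
import urllib.request
from typing import List, Set, Tuple

# Constructed sample EDL body (not real grants) for offline use.
SAMPLE_BODY = """\
# active grants at poll time
198.51.100.7           # single host grant
203.0.113.0/24
2001:db8::1
not-an-ip
0.0.0.0/0              # 'entire Internet' - must never reach the firewall
"""


def parse_allowlist(body: str) -> Tuple[List[str], List[str]]:
    """Return (valid_entries, rejected_lines).

    Valid entries are normalised to canonical CIDR form. Lines that do not
    parse, or that cover the whole address space (prefix length 0), are
    returned separately so the caller can log them rather than silently
    dropping them or forwarding them to the firewall.
    """
    valid, rejected = [], []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen == 0:          # 0.0.0.0/0 or ::/0: reject outright
            rejected.append(raw)
            continue
        valid.append(str(net))
    return valid, rejected


def diff_allowlist(previous: Set[str], current: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Return (added, removed) between two polls, for logging/alerting."""
    return current - previous, previous - current


def fetch_allowlist(url: str, api_key_name: str, token: str, timeout: float = 10.0) -> str:
    """GET the EDL with basic auth (apikey:token); raises on HTTP/network error."""
    creds = base64.b64encode(f"{api_key_name}:{token}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def apply_poll(body_or_none, last_good: Set[str]) -> Set[str]:
    """Turn one poll result into the set to install.

    A failed fetch (None) keeps the last known-good set: for an allowlist,
    'no change' is the safe failure mode, not 'remove every grant'.
    """
    if body_or_none is None:
        return last_good
    valid, rejected = parse_allowlist(body_or_none)
    for bad in rejected:
        print(f"rejected EDL line: {bad!r}")
    current = set(valid)
    added, removed = diff_allowlist(last_good, current)
    if added or removed:
        print(f"grants added={sorted(added)} removed={sorted(removed)}")
    return current


if __name__ == "__main__":
    # Offline demonstration on the constructed body. For a live Knoc, replace
    # with: body = fetch_allowlist("https://<server>/api/v1/allowlists/<id>",
    #                              "apikey", "<token>")   # placeholders
    installed = apply_poll(SAMPLE_BODY, last_good=set())
    print(sorted(installed))
```

The three checks a custom consumer should keep even if it drops everything else: reject unparsable lines, reject a prefix of length 0, and never replace the installed set with an empty one just because a poll failed.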

Pros
  • Any device that can poll for a list of IP addresses can integrate with Knocknoc, which makes this a good fit for unidirectional network environments or assets deep in an organisation.
  • Does not require a Knocknoc agent to be installed.
  • Provides an additional option for custom integrations.
Cons
  • Polling is typically time-based rather than event-based, so a user may wait for access after logging in, depending on the poll interval supported by the infrastructure or appliance.

See below on how these can be incorporated into major vendors via external lists:

Other platforms are supported; however, talk to us about our native/API integrations, as these offer many benefits over the time-based polling approach.