
Allowlist (EDLs)

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL without the need for a Knocknoc agent to be deployed. This is sometimes known as "External Dynamic List" feature within firewalls.

Common Use Cases

Devices supporting EDLs (+ many others):
  • Palo Alto External Dynamic Lists (EDL)
  • Fortinet External Connectors
  • Juniper SRX, SonicWall
  • F5 BigIP devices (IP intelligence)
  • pfSense, many others
  • Custom web applications, scripts, git-foo implementations, etc.
Usage

Overall process

  1. Configure the Knocknoc Server: Set up a Passive Knoc.
  2. EDL Configuration: Configure the device to point the EDL to the Knocknoc distribution server.
  3. Security Policy Rule: Create a policy referencing the dynamic address and other relevant parameters to suit your intended firewall policy.

Knoc configuration

Create a Knoc under Firewalls/Appliances. Select Passive. Note that no Agent is required for this configuration as the Server is publishing/hosting the Allowlist.

Screenshot 2025-04-10 at 15.26.51.png

Set an API key name, and define any IP allowlisting restrictions on use of the key. Naturally we recommend removing the "entire Internet" rules and restricting key use to your trusted source network ranges/IPs only. This can be edited later.

Screenshot 2025-04-10 at 15.39.08.png

  • Be mindful of the IP address restrictions: by default the key will allow the entire v4/v6 Internet.
  • Copy the API key/token that is displayed and store it for future use. You will not be able to recover it after it has been shown.

Screenshot 2025-04-10 at 15.40.48.png

When fetching the allowlist URL, use HTTP basic authentication with:

  1. username: apikey
  2. password: <the API key secret>

You now need the unique and random URI published per Knoc, to be added to the consuming firewall/system. This is where your allowlist grants will be published. Copy/paste the URL from the relevant Knoc.

Screenshot 2025-04-10 at 15.41.26.png

You can also see the URI for this Passive Allowlist/EDL by clicking on the Knoc:

Screenshot 2025-04-10 at 15.42.07.png

Insert this URI into your firewall in the appropriate policy/external-list section, with polling configured to an aggressive interval, e.g. 1 minute.

You can test the EDL, including authentication, using curl as below:

    curl https://demo.knocknoc.io/api/v1/allowlists/XXX -u apikey:secrettoken

Pros
  • Any device that can poll for a list of IP addresses can integrate with Knocknoc; a good solution for unidirectional network environments or assets deep in an organisation.
  • Does not require a Knocknoc agent to be installed.
  • Provides an additional option for custom integrations.

Cons
  • Knocknoc cannot know if/when grants are applied on the target system, therefore less feedback is provided to users.
  • Polling is typically time-based, not event-based; a user may wait for access after logging in, depending on the poll interval supported by the infrastructure or appliance.
  • Since Knocknoc only publishes the active allowlist, the client must implement revocation/deny.
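As an added example (not Knocknoc's own code), here is a minimal poller for a custom script, one of the consumer types listed above: it fetches the list with the basic-auth credentials described earlier, parses it, and diffs successive polls so that entries that have disappeared are revoked locally, which is the consumer's responsibility. It assumes the allowlist is served as plain text with one IP or CIDR per line; the URL, key and sample polls are constructed placeholders.

```python
# Added example, not part of the Knocknoc documentation or product code.
# Assumption: the allowlist body is plain text, one IP or CIDR per line.
import base64
import ipaddress
import urllib.request


def fetch_allowlist(url: str, api_key: str, timeout: float = 10.0) -> str:
    """Poll the allowlist URL with HTTP basic auth (username 'apikey')."""
    token = base64.b64encode(f"apikey:{api_key}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_allowlist(text: str) -> set:
    """Parse entries, ignoring blank lines and '#' comments.

    Malformed lines are skipped rather than failing the whole poll, so one
    bad entry cannot leave the local policy stale or empty."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            entries.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return entries


def diff_allowlist(previous: set, current: set) -> tuple:
    """Return (to_allow, to_revoke) between two polls.

    Knocknoc only publishes currently active grants, so any entry missing
    from the latest poll must be removed from the local allow rule."""
    return (current - previous, previous - current)


# Constructed sample: two successive polls; one grant expired in between.
POLL_1 = "203.0.113.10\n198.51.100.0/24\n# comment line\n"
POLL_2 = "203.0.113.10\n192.0.2.7\nnot-an-ip\n"

if __name__ == "__main__":
    added, revoked = diff_allowlist(parse_allowlist(POLL_1), parse_allowlist(POLL_2))
    print("allow:", sorted(map(str, added)), "revoke:", sorted(map(str, revoked)))
```

In a real deployment the previous set would be persisted between runs and the diff applied to the local firewall or application rule set on every poll.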

See below on how these can be incorporated into major vendors via external lists:

Other platforms are supported; however, talk to us about our native/API integrations, as these offer many benefits over the time-based polling approach.

The Allowlist backend is available in Knocknoc v6.0.0.