
Firewall Manager access

Protect your existing Fortigate or Palo investments from direct internet exposure by introducing Knocknoc.

Remote management and administration interfaces, VPN services and ports, or any other exposed service can be protected by requiring a centralised login before the service is presented on the network. This supports remote management without the Internet exposure risk: the service is invisible to anyone who has not logged in to Knocknoc, so a pre-authentication zero-day in the appliance cannot be reached from the Internet, and access is opened just in time, only after login.

This can be achieved in several ways through active or passive firewall orchestration, effectively adding network-level allowlisting of the application only after an authorised user has logged in at the network edge.

Shown below is the direct-orchestration model, where Knocknoc adds the authenticated client's IP address to the relevant policy on the Fortinet, exposing the VPN service to that address only after the user has successfully authenticated.

[Figure: data-flow diagram of the direct-orchestration model]

Alternatively, an agentless deployment can be established using the AllowList feature, where the firewall polls an allowlist published by Knocknoc:

[Figure: the AllowList feature]

This can be combined with the passive-allowlist model: the firewall polls the allowlist on its own schedule, and a low-privilege API call triggers an immediate poll whenever the list changes, giving you the best of both worlds, low-privilege API access alongside a polled allowlist.

Either model removes the attack surface of VPN services and protocols before centralised login and prevents exposure of the assets to zero-day attacks, because the services are simply inaccessible until the user has logged in.
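The two models described above (direct orchestration of a FortiGate address group, and a polled allowlist with an API call that forces a re-poll), as an added example in Python. This is illustration written for this page, not Knocknoc's or Fortinet's code: the object names, the REST endpoint paths and payload shapes (FortiOS REST conventions), the feed format, and the "none" placeholder object are assumptions made here and should be checked against the firmware you run. Sample addresses are constructed.

```python
"""Just-in-time allowlisting of an authenticated client on a FortiGate.

Added illustration; not Knocknoc's or Fortinet's code. Two approaches:
  1. direct orchestration: push the logged-in client's IP into an address
     group that the VPN policy references, over the FortiOS REST API;
  2. passive allowlist: publish a plain-text feed the FortiGate polls as an
     external resource, and poke it to re-poll when the list changes.
Endpoint paths, payload shapes and object names are assumptions.
"""
import ipaddress
import json
import urllib.request

# Hypothetical names; the page does not name any firewall objects.
ADDRGRP = "knocknoc-trusted"       # address group used as source in the VPN policy
FEED_NAME = "knocknoc-allowlist"   # external-resource (IP address feed) name
PLACEHOLDER = "none"               # FortiOS built-in 0.0.0.0/32 object, assumed present
DEFAULT_TTL = 8 * 3600             # seconds a login keeps the hole open


class AllowList:
    """Logged-in client addresses with an expiry; feeds both models."""

    def __init__(self):
        self._entries = {}  # ip -> expiry (epoch seconds)

    def grant(self, ip, now, ttl=DEFAULT_TTL):
        # Only a single host address is ever opened: ip_address() rejects
        # ranges and CIDR strings, so a user cannot open more than their own IP.
        addr = str(ipaddress.ip_address(ip))
        self._entries[addr] = now + ttl
        return addr

    def expire(self, now):
        """Revoke grants whose TTL has passed; returns the revoked IPs."""
        stale = [ip for ip, exp in self._entries.items() if exp <= now]
        for ip in stale:
            del self._entries[ip]
        return stale

    def active(self, now):
        return sorted(ip for ip, exp in self._entries.items() if exp > now)

    def render_feed(self, now):
        """One host prefix per line, the format assumed for a FortiOS IP-address
        external resource; this is what the passive model publishes."""
        lines = ["# knocknoc allowlist, generated at %d" % now]
        for ip in self.active(now):
            bits = 32 if ipaddress.ip_address(ip).version == 4 else 128
            lines.append("%s/%d" % (ip, bits))
        return "\n".join(lines) + "\n"


def addr_object_payload(ip):
    """Body for POST /api/v2/cmdb/firewall/address: a /32 object per client."""
    return {"name": "knocknoc-" + ip, "type": "ipmask", "subnet": ip + "/32"}


def plan_direct_orchestration(allowlist, now):
    """REST calls (method, path, body) that make the firewall match the list:
    create each client's /32 object, then rewrite the policy's address group
    with exactly those members so expired clients drop out as well."""
    calls, members = [], []
    for ip in allowlist.active(now):
        if ipaddress.ip_address(ip).version != 4:
            continue  # IPv6 lives under firewall/address6 and addrgrp6; omitted here
        obj = addr_object_payload(ip)
        # POST of an object that already exists fails on FortiOS; callers
        # should treat that error as success (the object is already there).
        calls.append(("POST", "/api/v2/cmdb/firewall/address", obj))
        members.append({"name": obj["name"]})
    # FortiOS will not accept an empty address group, so a never-matching
    # placeholder keeps the group (and the policy) valid when nobody is logged in.
    if not members:
        members = [{"name": PLACEHOLDER}]
    calls.append(("PUT", "/api/v2/cmdb/firewall/addrgrp/" + ADDRGRP,
                  {"member": members}))
    return calls


def refresh_feed_call():
    """Passive model: ask the FortiGate to re-poll the feed now rather than
    waiting for its refresh interval (monitor endpoint assumed)."""
    return ("POST", "/api/v2/monitor/system/external-resource/refresh",
            {"mkey": FEED_NAME})


def send(base_url, token, call, dry_run=True):
    """Issue one call with a REST API token. The token should belong to an API
    admin whose access profile is limited to firewall address objects; that is
    the low-privilege access the page refers to. dry_run returns the request
    line instead of contacting a firewall."""
    method, path, body = call
    req = urllib.request.Request(
        base_url + path, method=method, data=json.dumps(body).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    if dry_run:
        return "%s %s" % (method, req.full_url)
    with urllib.request.urlopen(req, timeout=10) as resp:  # TLS verified by default
        return json.load(resp)


if __name__ == "__main__":
    import time
    al = AllowList()
    now = int(time.time())
    al.grant("203.0.113.7", now)  # constructed sample client address
    for c in plan_direct_orchestration(al, now) + [refresh_feed_call()]:
        print(send("https://fw.example.net", "REDACTED", c))
    print(al.render_feed(now), end="")
```

The group, not the policy, is what gets rewritten: the VPN policy references the group once, and the API token only needs rights over address objects, so a compromised token cannot change what the policy permits beyond which source IPs match it. Running `plan_direct_orchestration` on a timer after `expire` closes the hole again when a login's TTL lapses.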

If you need to urgently reduce direct exposure of your Fortigate, Palo or other appliances, please talk to us.