FortiOS, FortiProxy or SSL VPN

Protect your existing Fortigate investments from direct internet exposure by introducing Knocknoc.

This can be achieved in multiple ways through direct or indirect firewall orchestration , effectively adding network application whitelisting after a successful authorized user login to the network edge.

Shown below is the direct-orchestration model, where Knocknoc adds the trusted/authenticated IP address to the relevant policy on the Fortinet, exposing the VPN services to an IP address only after they have successfully authenticated.

Alternatively an agentless deployment can be established using the AllowList feature:

If you need to urgently reduce direct exposure of your Fortigate appliances, please talk to us.