v26.02

Knocknoc 26.02

Knocknoc 26.02 is a platform-expansion release with a security spine: we’ve pushed deep into legacy UNIX, added new firewall + cloud backends, and strengthened the agent identity + grant verification model - all while making the UI feel sharper, calmer, and more predictable at scale.

🌟 Specialized Agent (HP-UX Risc and Solaris/Sparc)

• HP-UX on risc architecture
  Knocknoc now manages HP-UX/Risc on-host firewall environments (PF and IPFilter), to enable self-defending just-in-time network access, protecting mission critical workloads on-host, without additional firewall technology or in-line devices being introduced.
  
• Solaris on sparc architecture
  Solaris on Sparc on-host firewall environments (IPFilter and PF) now supported, for on-host firewall control. Enterprize license required.

🛡️Fortinet & FortiManager improvements

• Passive+ comes to Fortinet and FortiManager
  Passive+ mode now allows FortiManager to distribute Knocknoc allow-lists and trigger refresh updates on underlying FortiGate devices. This occurs without the use of Active mode, and is fast, responsive and scalable. 

• Fortinet addresses and stale entries
  Fortinet addresses that become stale are now removed automatically, keeping your Fortinet/FortiGate Admin experience cleaner. This is for deployments using Active mode.
• Improved error visibility
  We've improved error visibility, to understand what these mean read more here.

☁️ DigitalOcean Integration

• DigitalOcean firewall orchestration
  Hosting in DigitalOcean? You can now orchestrate native Digital Ocean firewalls. Using tags for both inbound and outbound firewall policies.

🔐 Per-Knoc TOTP/MFA

• Per-Knoc TOTP/MFA (in addition to your IDP MFA)
  If you're using SAML/SSO (which may include MFA), you can add an additional MFA/TOTP challenge within Knocknoc. This is provided out of the box - but importantly it's separate from your SAML or pre-existing MFA challenge. Why? Entra and other IDPs can offer long periods where idle desktops or client machines present risk. Now your high-security Knocs can require another challenge. Attackers phishing Entra or long-auth/refresh tokens won't leave your network infrastructure vulnerable, or visible.

🧰 PF and IPFilter orchestration

• *BSD support added, with PF and IPFilter
  We're huge *BSD fans, and now you can orchestrate PF, and IP Filter.  This is available on the standard agent and the specialized agent, covering your operating-system needs.

🛠 Admin Improvements

• Wizard improvements
  Orchestration Agent capabilities are better mapped, streamlining the Admin experience. If you're trying to add a PF orchestration to a Linux Agent, we've got you covered.
• KnockEvent log consistency + categories
  The KnocEvent log structure allows for SIEM integration, which we've expanded to include Trust and Agent events, to better understand the operating environment from your SIEM. Everyone likes a single pane of glass..
• Agent registration
  Duplicate Orchestration Agents registrations are better handled, rejecting ghost-twins.

🐛 Bug Fixes

• HAProxy: No longer falsely fails when removing non-existing entries

• PanOS: FixedBetter EDL refresh-in-progress error; no retries on unrecoverable errorslogging/reporting

• SonicWall: Better error reporting/logging + CDATA extraction from error responseslogging/reporting
• GELF logging: Fixed message logging bug

• iPad support: Dialogs needing keyboard input aren't horrible anymore

• Themes: improved cache management

Release date: 18th20th February 2026

How do I upgrade?

We intentionally require you to update Knocknoc and any orchestration Agents through your operating system, eg: Linux package management. Ensuring you have complete control on the timing of upgrades and state of your machine, and intentionally avoid automatically updating.

Follow this guide to upgrade when you're ready.

New to Knocknoc? Get started here!