Search Results

Agent error code #CHKP005 indicates that the Check Point gateway refused the request with a bare HTTP 404 or 403 and no specific error code in the body. The gateway gives the same response whether the shared secret is wrong or the agent's source IP is not auth...

Agent error code #CHKP050 indicates that the Knocknoc agent's request to register a user's identity on the Check Point gateway was rejected, and the rejection did not match a more specific cause. This is the generic "push failed" code. When Knocknoc can identi...

Agent error code #CHKP051 indicates that the Knocknoc agent's request to remove a user's identity from the Check Point gateway was rejected on grant revocation or logout. A "not found" response on removal is not treated as this error. If the identity is alread...

Agent error code #CHKP052 indicates that the Access Role configured on the Knoc does not correspond to an Access Role object on the Check Point gateway. Knocknoc never creates or modifies Access Roles. It only assigns an existing role to authenticated user IPs...

Agent error code #CHKP053 indicates that the Check Point gateway's response showed the Identity Awareness blade is not active. Without that blade the Identity Web API is not served, so Knocknoc cannot register identities. A bare 404 or 403 without a clear "ide...

Agent error code #CHKP054 indicates that the per-identity session timeout Knocknoc sent with the identity was below the minimum the Check Point gateway will accept. The gateway rejected the registration as a result. When Knocknoc registers an identity it sets ...

Agent error code #CHKP400 indicates that the Knocknoc agent received a response from the configured endpoint that it could not parse as an Identity Web API reply. This almost always means the Gateway Hostname or its port is pointing at something that is not th...

Agent error code #CHKP401 indicates that the Check Point gateway returned a server error (HTTP 5xx) in response to an Identity Web API request. The request reached the API but the gateway failed to process it on its side. Unlike the 4xx-class errors, this is a...

Knocknoc 26.06 is one of our largest releases yet! Six new platform integrations, a native iOS app, improved CGNAT handling, SAML validation for Admins along with admin-group provisioning, smarter self-healing orchestration agents for less-reliable control lay...

Closed beta. The Knocknoc mobile app is currently available to beta testers only and is not yet published on the Apple App Store or Google Play. The Knocknoc mobile app keeps your access working as you move around. Knocknoc grants access based on your curren...

Knocknoc can refuse a grant when threat intelligence flags the connecting IP address. When that happens the grant is recorded as blocked rather than granted, and the user is told their access was refused. An administrator who trusts the connection can override...

Configure 1Kosmos as a SAML identity provider (IdP) for Knocknoc. Once connected, your users authenticate against 1Kosmos — including its biometric and passwordless factors — and Knocknoc maps their group membership to access entitlements. This example assumes...

Ping Identity SSO Configure PingOne as a SAML identity provider (IdP) for Knocknoc. Users authenticate against Ping, and Knocknoc maps their group membership to access entitlements. This example assumes your Knocknoc instance is at https://<tenant>.knoc.cloud....

IPsets with firewalld On RHEL-family hosts — and any distribution that uses firewalld as its firewall front-end — Knocknoc does not talk to firewalld directly. As with the main IPSet backend, Knocknoc orchestrates the kernel's native IPSets, and firewalld simp...

Overview The Knocknoc OpenBSD Agent is orchestration software for managing just-in-time network access. It runs as the unprivileged _knocknoc-agent user, connects to your Knocknoc server over WebSocket, and enforces access locally through the configured integr...

Knocknoc integrates with the PF packet filter to dynamically control network access on a host that the agent runs on directly. As users authenticate and grants expire, the agent adds and removes their IPs from a PF table; your own pass/block rules reference th...