Search Results

Overview This integration allows for IP addresses to be dynamically managed within Azure Network Security Groups (NSGs), which are used by default as the inner firewalls protecting virtual machines. Other Azure assets (PaaS etc) are managed using separate Kno...

To create a SaaS Server instance (we host it) log in to the licensing portal and follow the prompts. Set a hostname. We can BYOK on Standard+ and above plans. Once payment information has been completed the instance will build. The initial username/pass...

User sessions can be created using the API. This is handy for machine to machine authentication, and is where knocknoc-client authentication requests are also configured. As an Admin, create a local user, selecting API Key as the authentication method: Vis...

User sessions can be terminated using the API. This is handy for integration with revocation systems, SOAR/SIEM integrations whereby immediate termination of network access and sessions is desired. As an Admin, visit the API keys section and choose"Manage use...

Allowlists or External Dynamic Lists (EDLs) served from Knocknoc require an API key for access, in conjunction with the specific EDL URI. These API keys are automatically created when a Passive integration is established, however can be edited or expanded. A...

API keys can be created to allow just-in-time orchestration Agent registration, which is suitable for infrastructure-as-code or pipeline deployments whereby the Admin doesn't want to create an Agent registration key prior to deployment and registration. As an...

Users are assigned a default "grant period" (in minutes), either within Knocknoc for local users, or passed as a SAML attribute through "sessionDuration".  These can be overridden per-Knoc, allowing certain access oaths to have shorter periods if so desired. ...

Knocknoc 8.0 Knocknoc 8.0 delivers a powerful set of updates, enhancing validation on connecting clients beyond just source IP addresses through the introduction of Knocknoc Access Tokens for web transactions. Additionally, fine-grained per-Knoc session limit...

To gain access to underlying networks and systems, end-users  log in to Knocknoc interactively via the Server component. This provides registered orchestration-Agents information to perform ongoing access provisioning. If you need to script access in a non-in...

Sometimes IP address restrictions or IP-based allowlisting is not enough, think: airport lounge, CGNat or other large, untrusted NAT environments. That's why Knocknoc extends a reverse-proxy in an innovative way through the addition of Knocknoc Access Tokens. ...

The FortiManager is used to manage multiple Fortinet devices, including Fortigate firewalls, APs, switches and more. Utilizing Knocknoc with FortiManager local-in access controls can be applied, limiting exposure to Admin login source addresses dynamically. T...

You may want to limit the ability to access a Knoc, depending on where your user is logging in to Knocknoc from.  For example, an internal subnet should only be opened up if the user is connecting from an internal IP address range, or if they are connected to...

Knocknoc 8.5   Knocknoc 8.5 delivers key improvements in usability, integrations, and security, while paving the way for future growth. Security is enhanced through updated server components, Golang and library upgrades, and additional hardening measures, inc...

The auto-browse option available within the Knoc configuration, automatically forwards the user after successful login, to the Knoc should it be the only Knoc they have available to them. This can streamline the users login experience, and depending on the pr...

The Sophos UTM device provides firewall and UTM capabilities. Note that this series of devices are being EOL'd by Sophos in favour of the SFOS devices (June 2026), which can also be integrated with Knocknoc following this guide. UTM Configuration Firstly c...

The Sophos SFOS/XGS based devices provide advance firewall and UTM capabilities. This replaces the previous UTM devices, which can be integrated here. Knocknoc manages IP addresses within a host-group, it does not edit/change firewall policies, and operates w...

Knocknoc 8.5   Knocknoc 8.5 delivers key improvements in usability, integrations, and security, while paving the way for future growth. Security is enhanced through updated server components, Golang and library upgrades, and additional hardening measures, inc...

The orchestration agent can be configured to reverse-proxy traffic, simply by enabling this mode and completing a few configuration options, you'll be on your way to controlling HTTPs or TCP attack surface, without an additional firewall or other layer beyond ...

The Knocknoc orchestration Agent - which is deployed alongside managed infrastructure (not on desktops) - can be converted to an in-line reverse proxy, providing access control at layer-7 (HTTP/HTTPs) or layer-3 for TCP, linked to Knocknoc. This allows the ce...