Search Results
146 total results found
SAML with Authentik
In this example, our Authentik instance is hosted at https://auth.example.com/ and is running version 2024.12.2. Our Knocknoc instance is a cloud instance with URL https://authentiktest.knoc.cloud. If you are using a cloud server, replace with your own URL, or i...
New Page
AWS WAF Ipset
Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a custom HTML 403 response and integrate it with your update-aws-waf-ipset.sh script (which follows the argument order <ACTION> <ACL_NAME_OR_ID> <IP_ADDRESS>). This gui...
LOOTOTL - Last One Out Turn Off The Lights
Knocknoc keeps track of source IP addresses and tries to be kind to users that share IPs. Think: shared office IP NAT address when using an Internet-hosted Knocknoc. This means that if two users are coming from the same IP, revoking a session for the first u...
Logging
Logging is important - we love logging. Because of this, we have included an easy to find, follow and parse log output that provides an additional layer of visibility across your Knocknoc user activity, including logins, access grants, manual interactions, as ...
VPN and ransomware
Use case: Removing VPN ransomware risk from stolen credentials A mid-size business relied on Internet-exposed VPN appliances to provide extranet access for staff, contractors, and business partners. Due to legacy constraints, some external users still used sin...
High security subnets and JIT network access
Use case: Dynamic just-in-time IP restrictions for high-security subnet A critical infrastructure environment needed to restrict access to specific high-security internal networks to trusted IP addresses dynamically, allowing access only for short-lived perio...
Financial services data partner, secure web upload
Use case: Trusted partners secure access to web application A financial services provider relied on periodic uploads through an Internet-exposed web application. Although the application was actively maintained, it posed substantial value and risk to the orga...
Firewall Manager access (IT MSP)
An IT managed services provider maintained multiple Fortinet firewalls on behalf of customers, often responding to urgent service desk requests requiring 24/7 access. These firewalls were deployed across various locations and managed by multiple members of the...
v7.0
Announcing Knocknoc 7.0 We’re excited to introduce Knocknoc 7.0, a landmark release packed with features to enhance security, usability, and performance. Here's what's new: Enhanced Security • 'Require Click' for User Access Grants: Access controls can...
Updates and upgrades
The Knocknoc software is managed by your operating system; as such, updates can be managed within your patching cycle and under your complete control. These are applied by utilizing your relevant package management system, as below. On Debian / Ubuntu and similar variant...
Cisco (SFMC/Firepower)
The Cisco Secure Firewall Management Console (formerly known as Firepower) integration allows Knocknoc to dynamically add and remove users' source IP from a named address group. This address group can then be used in whatever Firewall rule you like, opening u...
Grant and revoke process
The granting and revoking of access by Knocknoc occurs on a number of events, including: User login; Interactive 'click to grant' activity; Interactive 'click to revoke' activity; User login/session timeout; Grant timeout (device/back-end specific); User logout; E...
Debugging & log levels
Things go wrong from time to time; the best way to understand more detail is to increase the log level verbosity. LogLevel can be set to "error", "warn", "info", "debug" or "trace", increasing in verbosity. LogLevel = "info" # this is the default #LogLevel = "de...
v7.6
Knocknoc 7.6 Knocknoc 7.6 continues the theme of user-experience improvements, this time for end users. But don't be fooled, there's other goodies in here for you. Don't miss the Palo Alto enhancements - we now leverage the powerful Palo Alto User-ID feature y...
Microsoft Azure NSG
Overview This integration allows for IP addresses to be dynamically managed within Azure Network Security Groups (NSGs), which are used by default as the inner firewalls protecting virtual machines. Other Azure assets (PaaS etc) are managed using separate Knoc...
SaaS deployment
To create a SaaS Server instance (we host it), log in to the licensing portal and follow the prompts. Go to licensing.knocknoc.io and: Start a cloud trial / subscription. Create a Cloud Instance and give it a name (e.g. test-instance). Your instance will...
User authentication
User sessions can be created using the API. This is handy for machine to machine authentication, and is where knocknoc-client authentication requests are also configured. As an Admin, create a local user, selecting API Key as the authentication method: Visit ...