Search Results

Use case: Removing VPN ransomware risk from stolen credentials A mid-size business relied on Internet-exposed VPN appliances to provide extranet access for staff, contractors, and business partners. Due to legacy constraints, some external users still used si...

Use case: Dynamic just-in-time IP restrictions for high-security subnet A critical infrastructure environment needed to restrict access to specific high-security internal networks to trusted IP addresses dynamically, allowing access only for short-lived perio...

Use case: Trusted partners secure access to web application A financial services provider relied on periodic uploads through an Internet-exposed web application. Although the application was actively maintained, it posed substantial value and risk to the orga...

An IT managed services provider maintained multiple Fortinet firewalls on behalf of customers, often responding to urgent service desk requests requiring 24/7 access. These firewalls were deployed across various locations and managed by multiple members of the...

Announcing Knocknoc 7.0   We’re excited to introduce Knocknoc 7.0, a landmark release packed with features to enhance security, usability, and performance. Here's what's new: Enhanced Security •    'Require Click' for User Access Grants: Access controls can...

The Knocknoc software is managed by your operating system, as such updates can be managed within your patching cycle and complete control. These are applied by utilizing your relevant package management system, as below. On Debian / Ubuntu and similar vari...

The  Cisco Secure Firewall Management Console (formerly known as Firepower) integration allows Knocknoc to dynamically add and remove user's source IP from a named address group. This address group can then be used in whatever Firewall rule you like, opening u...

The granting and revoking of access by Knocknoc occurs on a number of events, including: User login Interactive 'click to grant' activity Interactive 'click to revoke' activity User login/session timeout Grant timeout (device/back-end specific) User lo...

Things go wrong from time to time, the best way to understand more detail is to increase the log level verbosity. LogLevels can be set as "error" "warn" "info" "debug" "trace", increasing in verbosity. LogLevel = "info" # this is the default #LogLevel = "de...

Knocknoc 7.6 Knocknoc 7.6 continues the theme of user-experience improvements, this time for end users. But don't be fooled, there's other goodies in here for you. Don't miss the Palo Alto enhancements - we now leverage the powerful Palo Alto User-ID feature...

Overview This integration allows for IP addresses to be dynamically managed within Azure Network Security Groups (NSGs), which are used by default as the inner firewalls protecting virtual machines. Other Azure assets (PaaS etc) are managed using separate Kno...

To create a SaaS Server instance (we host it) log in to the licensing portal and follow the prompts. Set a hostname. We can BYOK on Standard+ and above plans. Once payment information has been completed the instance will build. The initial username/pass...

User sessions can be created using the API. This is handy for machine to machine authentication, and is where knocknoc-client authentication requests are also configured. As an Admin, create a local user, selecting API Key as the authentication method: Vis...

User sessions can be terminated using the API. This is handy for integration with revocation systems, SOAR/SIEM integrations whereby immediate termination of network access and sessions is desired. As an Admin, visit the API keys section and choose"Manage use...

Allowlists or External Dynamic Lists (EDLs) served from Knocknoc require an API key for access, in conjunction with the specific EDL URI. These API keys are automatically created when a Passive integration is established, however can be edited or expanded. A...

API keys can be created to allow just-in-time orchestration Agent registration, which is suitable for infrastructure-as-code or pipeline deployments whereby the Admin doesn't want to create an Agent registration key prior to deployment and registration. As an...

Users are assigned a default "grant period" (in minutes), either within Knocknoc for local users, or passed as a SAML attribute through "sessionDuration".  These can be overridden per-Knoc, allowing certain access oaths to have shorter periods if so desired. ...

Knocknoc 8.0 Knocknoc 8.0 delivers a powerful set of updates, enhancing validation on connecting clients beyond just source IP addresses through the introduction of Knocknoc Access Tokens for web transactions. Additionally, fine-grained per-Knoc session limit...

To gain access to underlying networks and systems, end-users  log in to Knocknoc interactively via the Server component. This provides registered orchestration-Agents information to perform ongoing access provisioning. If you need to script access in a non-in...

Sometimes IP address restrictions or IP-based allowlisting is not enough, think: airport lounge, CGNat or other large, untrusted NAT environments. That's why Knocknoc extends HAProxy in an innovative way through the addition of Knocknoc Access Tokens. Knockno...