Search Results

Knocknoc 8.5   Knocknoc 8.5 delivers key improvements in usability, integrations, and security, while paving the way for future growth. Security is enhanced through updated server components, Golang and library upgrades, and additional hardening measures, incl...

Knocknoc supports two ways to redirect the user to a specific site from the Knocknoc Dashboard. The first way is to redirect from a parameter in the URL used to access the Dashboard, the second is to have a user automatically redirect when logging in with a si...

Knocknoc server v8.5+ installs with a local installation of PostgreSQL by default. However, you may bring your own PostgreSQL instance (such as AWS RDS, Azure Database for PostgreSQL or a local cluster) by choosing to enter an alternate database connection str...

The Sophos UTM device provides firewall and UTM capabilities. Note that this series of devices is being EOL'd by Sophos in favor of the SFOS devices (June 2026), which can also be integrated with Knocknoc following this guide. UTM Configuration Firstly create...

The Sophos SFOS/XGS based devices provide advanced firewall and UTM capabilities. This replaces the previous UTM devices, which can be integrated here. Knocknoc manages IP addresses within a host-group, it does not edit/change firewall policies, and operates w...

The orchestration agent can be configured to reverse-proxy traffic, simply by enabling this mode and completing a few configuration options, you'll be on your way to controlling HTTPs or TCP attack surface, without an additional firewall or other layer beyond ...

Debian distros (Ubuntu etc) If you are getting this error: Failed to fetch https://packages.knocknoc.io/debian/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG E3AB5DF76BBF701F Knocknoc Support <support@knocknoc.io> You may have the o...

Knocknoc 25.12 Knocknoc 25.12 is a Windows-first release focused on making Just-In-Time (JIT) access easier to deploy and operate across Windows environments. The headline upgrade is the Windows Agent now managing the local Windows Firewall for true on-host ne...

The Knocknoc orchestration Agent - which is deployed alongside managed infrastructure (not on desktops) - can be converted to an in-line reverse proxy, providing access control at layer-7 (HTTP/HTTPs) or layer-3 for TCP, linked to Knocknoc. This allows the cen...

The Knocknoc Server can be deployed in various ways to match your high-availability needs and deployment models. Ultimately the Knocknoc solution comprises these three components: Server Database Orchestration Agent(s) The Server (web-app) can be deployed: ...

If you installed Knocknoc Server before version 8.5 (September 2025), your instance is likely using a local SQLite database. The Knocknoc Server now uses PostgreSQL as its primary database. This guide explains how to use the "knocker convertdb" tool, which is ...

The SonicWall can be orchestrated in three ways, Actively (API call from an Orchestration Agent to the Firewall), Passively via SonicWalls DEAG polling capability, or a combination known as Passive+, where a DEAG is used with an active force-download-now call ...

Microsoft Windows comes equipped with a built-in native firewall which Knocknoc orchestrates to provide just-in-time network access control, effectively removing always-on attack surface for your Windows Servers. Ports and services like RDP become invisible, p...

Windows Servers and RDP/WinRM - removing pre-auth attack surface A mid-sized business uses RDP and WinRM to manage a Windows fleet of servers, however wasn't comfortable with always-on network exposure of these ports/protocols - even to internal management net...

On a Linux host as Root, execute the below command to setup and install a Knocknoc Agent. You will be stepped through the process. curl -sSL https://packages.knocknoc.io/setup/setup_knocknoc_agent.sh | bash The installer runs on Debian, Ubuntu, Redhat, Oracle,...

On a Windows machine as an Admin, download and install the Orchestration Agent. It will install as a service by default. You then provide token information to connect to your Knocknoc Server for centralized management.  This is not installed by end users for a...

Default deny is a wonderful thing, the best place to be - except when you lock yourself out. Thankfully Knocknoc has a break-glass control if you need. Follow these steps to add a 20 minute access path, it requires Admin access. Log in to your Admin cons...