Search Results

On a Linux host as Root, execute the below command to setup and install a Knocknoc Agent. You will be stepped through the process. curl -sSL https://packages.knocknoc.io/setup/setup_knocknoc_agent.sh | bash The installer runs on Debian, Ubuntu, Redhat, Oracle,...

On a Windows machine as an Admin, download and install the Orchestration Agent. It will install as a service by default. You then provide token information to connect to your Knocknoc Server for centralized management.  This is not installed by end users for ...

Default deny is a wonderful thing, the best place to be - except when you lock yourself out. Thankfully Knocknoc has a break-glass control if you need. Follow these steps to add a 20 minute access path, it requires Admin access. Log in to your Admin cons...

Default deny is the best way to live. However sometimes you need to manually grant access for a new IP you don't control, or otherwise lock yourself out. Knocknoc lets Administrators safely create a short-lived manual access when needed. This is a good way to ...

Knocknoc can orchestrate Cloudflare IP lists to provide dynamic IP network allowlisting inbound to Cloudflare, should you use this to protect web or other assets. These IP lists are managed at the Account level, allowing use across the Cloudflare filtering ser...

Knocknoc 26.01 Knocknoc 26.01  sharpens the Palo Alto experience for both administrators and end-users, introducing a much simpler configuration option and stronger safeguards. It also adds Cloudflare support, improves multi-node deployments, and delivers bro...

Passive+, Passive or Active? Knocknoc orchestrates Palo Alto and Panorama devices in a number of ways; actively, passively or a combination known as passive+. This allows Administrators to configure the appropriate level of trust, network access and orchestrat...

f you're after the very latest features or changes, and you know what you're doing - below is how to change from the main release channel, to the Beta channel. This does mean you're running Beta code, YMMV, and whilst you can move from Beta back to Main, it's...

Like all technology, backing up configuration files and data is paramount, in the case of Knocknoc the Server and Agent locations to capture are found below. Server Data resides in two locations; disk and database. For Linux, the default installation locati...

For additional security and identity verification, Knocs support a "Require TOTP code when accessing grant" option. Note that this TOTP is within the Knocknoc product, and is in addition to any MFA provided during an SSO session. For example if you have Entra...

Agent error code #298000 indicates that the agent failed to refresh an External Dynamic List (EDL) or dynamic external object on a firewall, for reasons that don't fall into more specific error categories. This error typically occurs when: The configured EDL ...

Agent error code #298002 indicates that the agent encountered a TLS/SSL certificate error when attempting to connect to a firewall. The secure connection could not be established because the certificate presented by the firewall failed validation. This error o...

Agent error code #298003 indicates that the agent failed to authenticate with a firewall when attempting to refresh an external object (such as an External Dynamic List or dynamic group). The firewall rejected the credentials provided by the agent. This error ...

Agent error code #299999 is reserved for unexpected internal agent failures that don't fit into any other category. It serves as a catch-all for unanticipated error conditions. If you encounter this error, it indicates an unexpected condition occurred within t...