An MSSP managed multiple firewalls and needed remote console access, which it also shared with select customers who partially self-managed. To solve this, Knocknoc brokers just-in-time visibility after engineers authenticate, leaving the firewall management consoles dark between sessions with no zero-day exposure, all without a desktop installation. No additional VPNs, no IP address problems: simple but very effective just-in-time network access through to critical firewall management interfaces.
An MSSP running a sizeable firewall fleet balanced SLA speed with the high risk of Internet-facing consoles.
Their goal was to preserve agility while eliminating always-on exposure across a multi-tenant customer base, without creating central points of network failure.
Engineers authenticate via the IdP; Knocknoc adds their IP to the relevant firewall policy for a time-boxed session, using the Active or EDL orchestration methods depending on the platform and risk model. When the session ends, access and exposure evaporate.
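An added illustration of the time-boxed, EDL-style flow described above; it is not Knocknoc's code or API. The class name, the entitlement map, the 15-minute default and the one-address-per-line list format are assumptions made for the sketch.

```python
import ipaddress
import time


class JitAllowlist:
    """Time-boxed source-IP grants, rendered as one allowlist (EDL) per console."""

    def __init__(self, entitlements, ttl_seconds=900, clock=time.time):
        self.entitlements = entitlements  # user -> set of console ids (assumed to come from IdP groups)
        self.ttl = ttl_seconds
        self.clock = clock                # injectable so expiry can be tested
        self.grants = {}                  # (console, ip) -> expiry timestamp

    def grant(self, user, console, source_ip):
        """Record a grant; call only after the IdP has authenticated `user`."""
        if console not in self.entitlements.get(user, set()):
            raise PermissionError(f"{user} is not entitled to {console}")
        # ip_address() accepts a single host only, so "0.0.0.0/0" or junk raises ValueError.
        ip = ipaddress.ip_address(source_ip)
        if ip.is_unspecified or ip.is_multicast:
            raise ValueError(f"refusing non-host address {ip}")
        expiry = self.clock() + self.ttl
        self.grants[(console, str(ip))] = expiry
        return expiry

    def revoke(self, console, source_ip):
        """End a session early (logout) instead of waiting for the timer."""
        self.grants.pop((console, source_ip), None)

    def render_edl(self, console):
        """Return the list the firewall for `console` would poll: live grants only."""
        now = self.clock()
        self.grants = {k: exp for k, exp in self.grants.items() if exp > now}
        ips = sorted(ip for (c, ip) in self.grants if c == console)
        return "".join(f"{ip}\n" for ip in ips)


if __name__ == "__main__":
    # Constructed sample data: one engineer, two tenants, documentation-range IP.
    allow = JitAllowlist({"alice": {"fw-tenant-a"}}, ttl_seconds=600)
    allow.grant("alice", "fw-tenant-a", "203.0.113.10")
    print("tenant-a:", repr(allow.render_edl("fw-tenant-a")))
    print("tenant-b:", repr(allow.render_edl("fw-tenant-b")))  # stays empty (dark)
```

Because the list is rebuilt from unexpired grants on every render, a missed cleanup job cannot leave a stale address in the policy.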
Customers’ consoles stopped appearing in scans: no more Internet exposure. Change management and customer change-request handling stayed quick; risk dropped.
The MSSP is extending the model to other third-party admin surfaces (backup consoles, hypervisors, lights-out management networks) to unify how remote operations are secured.
Remote ≠ exposed. Knocknoc gives MSSPs just-in-time console access after out-of-band authentication, then auto-removes it. Customers stay safe; engineers stay fast.