DNS allow list / cloud RMM and AV access for isolated endpoints
Robert Dana
Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added.
Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for commonly needed tools.
Travis Langley
Another vote for this. I'm trying to get Datto RMM Web Remote working. I'd also like to see the option to select multiple Allowlist records for deletion, so once the URL option is added, it'll be easier to clean all the IPs that have been added manually.
I like Mason Schmitt's idea below where the whitelist for the RMM is off by default, in case the RMM tool is the source of the attack. The MSP could quickly enable the whitelist when ready.
NW
Any update on this? We got hit today with this problem again!
Aaron Tague
Even adding the ability to add an FQDN rather than just IPs would help. Our RMM tools use a static URL, but the IP changes randomly.
Nathan Verkerk
We are currently unable to add NinjaOne to the allowlist. When this feature is added, this should be possible, and we would not be excluded from the endpoint when it is isolated.
Matthiew Morin (Huntress)
Merged in a post:
Allow process name in Toollist allow feature
Mark Curtin
I would like the ability to allow connections via process name in the Toollist allow feature. Currently, connections are limited to outbound connections with static IPs, and there is no option to allow connections via process name. This feature would be beneficial for managing remote sessions more effectively.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - FQDN / Hostname
Matt Dunn
We have encountered, when setting up the tooling allow list with Ninja RMM, that it's specified to put in IPs; Ninja RMM doesn't provide IP addresses, only FQDNs/hostnames. It'd be good to have an option for FQDNs in the allow list for this, or to work with the RMM providers to give you ready-made options that you can add in, e.g. toggle on Ninja RMM in the tooling list, ConnectWise Automate, etc.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - Add Subnets
Josif Leitner
Ability to add a subnet to allowlist.
A lot of vendors provide IP "Subnets" instead of individual IPs.
Matthiew Morin (Huntress)
Merged in a post:
Allow domains for tooling allowlist
David
Allow domains for tooling allowlist. Some RMMs don't provide IPs but only domains to allow.
Craig Thompson
+1 for allowing domain whitelisting - We use NinjaRMM and I'd also agree that with the rise of RMM abuse - automatically allowing the RMM might be better done on a per-isolated-client basis - after reviewing the initial report, for example, you can allow RMM and it'll unblock that access.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - FQDNs in addition to IPs
Timothy Schmitt
Tooling allowlist currently only supports the manual additions of IP addresses. This doesn't allow for easy addition of tools that are hosted in the cloud with dynamic IPs. There should be an option to add the FQDN to prevent the need to constantly update lists of IPs. This is especially problematic when there is an incident and the IP list needs to be updated before we can access isolated hosts.