ControlUp Agent Access Control List (ACL)
You can enable tighter control over how the ControlUp Agent communicates with the ControlUp Console and Monitors.
You can read more about ControlUp Agent Security Best Practices and different configuration options.
The procedure below prevents other machines from accessing the agent unless their IPs have been added to an Access Control List (ACL) on the agent machines. This IP restriction can be applied on the ControlUp Agent machines to inspect the client IP and cross-reference it with an allowlist configured in the registry.
Configure the Registry with an ACL Allowlist
The console and monitor IPs to add to this list can be specific (e.g. 10.20.30.40) or listed using CIDR notation (e.g. 10.20.30.40/24). This configuration can be part of a GPO.
Note
You can create your own GPO or use the attached zip file, which contains a template for both this method of authentication and the certificate-based authentication described here.
Manual distribution of registry key
To add the registry key manually:
- On the agent machine, open regedit.
- Create the key
HKLM\SOFTWARE\Policies\Smart-X\ControlUp\Agent\IPACL
- Create a DWORD value named Enabled and assign it the value of 1.
- Create a Multi-String value (REG_MULTI_SZ) named Addresses. This value contains the permitted origin addresses of all ControlUp Console and ControlUp Monitor machines that communicate with this agent machine.
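The manual steps above, scripted in PowerShell as an added example (not ControlUp's own code). The addresses are constructed sample values, `Test-AclEntry` is a hypothetical helper, and validating IPv4 only is an assumption based on the examples in this article.

```powershell
# Added example: writes the IPACL allowlist described above.
# Run from an elevated PowerShell session on the agent machine.

# Constructed sample values: replace with your console and monitor addresses.
# Under standard CIDR semantics a /24 entry admits all 256 addresses in that
# network, so keep ranges as narrow as your deployment allows.
$Addresses = @('10.20.30.40', '10.20.31.0/24')

$KeyPath = 'HKLM:\SOFTWARE\Policies\Smart-X\ControlUp\Agent\IPACL'

function Test-AclEntry {
    # Hypothetical helper: accepts a dotted-quad IPv4 address, optionally
    # followed by /prefix where prefix is 0-32. IPv4-only is an assumption.
    param([string]$Entry)
    $ip, $prefix = $Entry.Trim() -split '/', 2
    # Require four dotted octets; TryParse alone would accept shorthand like "10.1".
    if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { return $false }
    if ($null -ne $prefix) {
        if (($prefix -notmatch '^\d{1,2}$') -or ([int]$prefix -gt 32)) { return $false }
    }
    return $true
}

# Refuse to write anything if a single entry is malformed.
$bad = @($Addresses | Where-Object { -not (Test-AclEntry $_) })
if ($bad.Count -gt 0) {
    throw "Invalid allowlist entries, nothing written: $($bad -join ', ')"
}

# Create the key only if it is missing, so existing values are not discarded.
if (-not (Test-Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}

# Write the list first and enable it second, so enforcement is never
# switched on before the allowlist exists.
New-ItemProperty -Path $KeyPath -Name 'Addresses' -PropertyType MultiString `
    -Value $Addresses -Force | Out-Null
New-ItemProperty -Path $KeyPath -Name 'Enabled' -PropertyType DWord `
    -Value 1 -Force | Out-Null

# Read the values back to confirm what the agent machine now holds.
Get-ItemProperty -Path $KeyPath | Select-Object Enabled, Addresses
```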