ControlUp Agent Access Control List (ACL)

You can enable tighter control over how the ControlUp Agent communicates with the ControlUp Console and ControlUp Monitors.

You can read more about ControlUp Agent Security Best Practices and different configuration options.

The procedure below prevents other machines from accessing the agent unless their URLs have been added to an Access Control List (ACL) on the agent machines. This IP restriction can be applied on the ControlUp Agent machines to inspect the client IP and cross-reference it with a whitelist configured in the registry.

Configure the Registry with an ACL Whitelist

The console and monitor IPs to add to this list can be specific (e.g. 10.20.30.40) or listed using CIDR notation (e.g. 10.20.30.40/24). This configuration can be part of a GPO.
Note: You can create your own GPO or use the attached zip file which contains a template for both this method of authentication and certificate-based authentication described here.

Here is the manual procedure.

  1. Open the Registry Editor.

  2. Navigate to: HKLM/SOFTWARE/Policies/Smart-X/ControlUp/Agent/IPACL
    Missing keys must be manually created. 

  3. Create a DWORD value named Enabled and assign it the value of 1.

  4. Create a Multi-String value (REG_MULTI_SZ) named addresses. This key contains the permitted origin addresses of all ControlUp Console and ControlUp Monitor machines that communicate with this agent machine.

1-on-1 Demo
Schedule now
Price Quote
Get it now
Need a Script?
Get it here
Powered by Zendesk