ControlUp Agent Access Control List (ACL)
    • Dark
      Light
    • PDF

    ControlUp Agent Access Control List (ACL)

    • Dark
      Light
    • PDF

    Article Summary

    You can enable tighter control over how the ControlUp Agent communicates with the ControlUp Console and ControlUp Monitors.

    You can read more about ControlUp Agent Security Best Practices and different configuration options.

    The procedure below prevents other machines from accessing the agent unless their IPs have been added to an Access Control List (ACL) on the agent machines. This IP restriction can be applied on the ControlUp Agent machines to inspect the client IP and cross-reference it with a whitelist configured in the registry.

    Configure the Registry with an ACL Whitelist

    The console and monitor IPs to add to this list can be specific (e.g. 10.20.30.40) or listed using CIDR notation (e.g. 10.20.30.40/24). This configuration can be part of a GPO.

    Note
    You can create your own GPO or use the attached zip file which contains a template for both this method of authentication and certificate-based authentication described here.

    Manual distribution of registry key

    To add the registry key manually:

    1. On the agent machine, open the regedit
    2. Create the key HKLM/SOFTWARE/Policies/Smart-X/ControlUp/Agent/IPACL
    3. Create a DWORD value named Enabled and assign it the value of 1.
    4. Create a Multi-String value (REG_MULTI_SZ) named Addresses. This key contains the permitted origin addresses of all ControlUp Console and ControlUp Monitor machines that communicate with this agent machine.

    Was this article helpful?