Team: Huntress EDR
Product: Host Isolation
Environment: Huntress Platform
Summary: How to add static IP addresses to an allow list to the account settings before host isolation for partner tooling access.
The Host Isolation IP Allowlist is advanced capability is intended to enable the use of self-hosted RMMs (or other tooling with static IP addresses) on endpoints during an incident response. We recommend leaving it disabled unless you are doing incident response activities frequently.
If you suspect that your RMM or other tooling is compromised, disable the IP Allowlist and contact Huntress Support to request that any currently isolated endpoints be “strictly isolated.”
How it works:
-
The IP Allowlist applies only to endpoints which are currently isolated; it has no impact on endpoints under normal circumstances.
-
In addition to Huntress traffic, these isolated endpoints are only allowed to make outbound connections to the allowed IP addresses; all inbound connections are blocked. This is sufficient for RMMs to operate normally, as in most cases their agents only make outbound network connections.
-
If you change the IP Allow list settings (enabling, disabling, or adding / removing IPs), endpoints that are currently isolated will not be updated; only newly isolated endpoints will have the changes applied.
The Huntress SOC might override your IP Allow list and strictly isolate endpoints (blocking all connections) if we suspect that your RMM or other tooling is compromised.
More info on Host Isolation
Where to add allowed IPs
In the Huntress Portal menu (1), open the Account Settings. (2)
Scroll to the Tooling Allowlist and enable the feature by toggling the "Tooling Connections" to On (default is Off).
Add the IP address, using a display name that makes sense for your environment and an IPv4 address.
This feature does not support cloud RMMs because the allowed IP addresses must be static, while most cloud tools use dynamic IPs for agent connectivity.
Comments
1 comment
This is a very anticipated feature; thank you for making it an easy add-on to the entire partner account. Our RMM tool is selfhosted and on a static IP; couldn't have asked for a more easy to use solution.
Please sign in to leave a comment.