Limiting access to updates and monitoring
Alternative Solutions
We can work with you to implement alternative approaches that meet your security requirements while maintaining critical functionality. Before implementing any of the methods outlined below, please get in touch with our Support Team.
Important Notice Regarding Backend Connectivity
We understand that your security requirements may necessitate limiting or disabling connectivity to our backend services. We fully support your security decisions, and we want to make sure you are aware of the impact on system functionality:
Features Affected by Disconnection:
Automated system updates and security patches
Remote monitoring and alerting capabilities
Automated troubleshooting and support diagnostics
Access to our container and helm chart registries
Disable callbacks to Rancher completely
Firewall Rules (Most Recommended)
Description: Use network firewall rules to control traffic at the network perimeter.
Complete Blocking
# Block all Rancher-related domains using firewall
iptables -I OUTPUT -d master.k3s.getvisibility.com -j DROP
iptables -I OUTPUT -d getvisibility.k3s.getvisibility.com -j DROP
iptables -I OUTPUT -d prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com -j DROP
iptables -I OUTPUT -d rpm.rancher.io -j DROP
To restore
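# Remove the rules (use the same commands with -D instead of -I)
# Note: -D resolves each hostname again, so a delete fails if the domain's
# address has changed since the rule was added. In that case, list the stored
# addresses with "iptables -S OUTPUT" and delete the rules by address.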
iptables -D OUTPUT -d master.k3s.getvisibility.com -j DROP
iptables -D OUTPUT -d getvisibility.k3s.getvisibility.com -j DROP
iptables -D OUTPUT -d prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com -j DROP
iptables -D OUTPUT -d rpm.rancher.io -j DROP
Pros:
Most reliable method
Works at network level
Can be implemented on existing firewall infrastructure
Granular control
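iptables resolves a hostname passed to -d once, when the rule is inserted, and stores the resulting IP addresses, so a block on a domain whose addresses later change can stop matching without any error. The script below is an added example, not Getvisibility code: it compares the DROP rules in the OUTPUT chain with the addresses the blocked domains resolve to now. The function names and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: find blocked domains whose current IPv4
# addresses are no longer covered by the DROP rules in the OUTPUT chain.
# IPv4 only, like the iptables commands above (IPv6 needs ip6tables).

# Domains from the "Complete Blocking" commands on this page.
DOMAINS="master.k3s.getvisibility.com getvisibility.k3s.getvisibility.com
prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com rpm.rancher.io"

# dropped_ips RULES: print every single-host destination that has a DROP rule.
# RULES is text in the format printed by `iptables -S OUTPUT`.
dropped_ips() {
  printf '%s\n' "$1" | awk '
    $1 == "-A" && $2 == "OUTPUT" {
      dst = ""; drop = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        if ($i == "-j" && $(i + 1) == "DROP") drop = 1
      }
      if (drop && dst ~ /\/32$/) { sub(/\/32$/, "", dst); print dst }
    }' | sort -u
}

# uncovered_ips RULES "IP IP ...": print the IPs that no DROP rule matches.
uncovered_ips() {
  u_covered=$(dropped_ips "$1")
  for u_ip in $2; do
    printf '%s\n' "$u_covered" | grep -qxF "$u_ip" || printf '%s\n' "$u_ip"
  done
}

# check_live: compare the live rule set with live DNS answers.
# Needs root for iptables and a working resolver for getent.
check_live() {
  c_rules=$(iptables -S OUTPUT) || return 2
  c_status=0
  for c_domain in $DOMAINS; do
    c_ips=$(getent ahostsv4 "$c_domain" | awk '{print $1}' | sort -u | tr '\n' ' ')
    c_missing=$(uncovered_ips "$c_rules" "$c_ips" | tr '\n' ' ')
    [ -z "$c_missing" ] || { echo "NOT BLOCKED: $c_domain -> $c_missing"; c_status=1; }
  done
  return "$c_status"
}

# Run against the live system only when asked: sh check-block.sh --live
if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run it with --live from cron or a monitoring agent; a non-zero exit status means at least one domain currently resolves to an address that has no DROP rule, and the rules need to be re-applied.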
DNS Blocking
Description: Modify local DNS resolution to prevent access to Rancher domains.
To bring back the removed functionality, just remove these entries from the /etc/hosts file.
Selective Blocking Scenarios
Block Only Updates
Block these endpoints:
Block Only Monitoring
Block these endpoints:
If you are a Forcepoint customer:
Additional Notes:
Classified as Getvisibility - Partner/Customer Confidential