https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433305#M10201 <P>Hello,</P> <P>We are building up test standalone Splunk on our environment, we decide to use the free version so what are the firewall rules we have to request?</P> <P>Do we need to request the below ports:<BR /> 8000 web<BR /> 8089 management/rest<BR /> 9997 indexer receiver<BR /> 8191 KV store <BR /> 514 Network port<BR /> As it is a standalone do I need to open? <BR /> 8080 Indexer Replication<BR /> 8181 search Replication<BR /> 8088 http event collector<BR /> 8065 app server?</P> Thu, 31 May 2018 20:39:45 GMT thiru179 2018-05-31T20:39:45Z https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433305#M10201 <P>Hello,</P> <P>We are building up test standalone Splunk on our environment, we decide to use the free version so what are the firewall rules we have to request?</P> <P>Do we need to request the below ports:<BR /> 8000 web<BR /> 8089 management/rest<BR /> 9997 indexer receiver<BR /> 8191 KV store <BR /> 514 Network port<BR /> As it is a standalone do I need to open? <BR /> 8080 Indexer Replication<BR /> 8181 search Replication<BR /> 8088 http event collector<BR /> 8065 app server?</P> Thu, 31 May 2018 20:39:45 GMT https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433305#M10201 thiru179 2018-05-31T20:39:45Z https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433306#M10202 <P>Hi thiru179,</P> <P>since this is a standalone server, it should be sufficient if you request TCP port <CODE>8000</CODE> for the Splunk UI access, and TCP port <CODE>9997</CODE> to get data into Splunk. TCP port <CODE>8089</CODE>would only be needed if you have deployment clients connecting to this instance, or if you plan to do remote REST API calls. All other ports will be accessible by the instance without firewall rule.</P> <P>Don't forget access to the server itself, like SSH or RDP depending on platform running Splunk <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>Hope this helps ...</P> <P>cheers, MuS</P> Thu, 31 May 2018 21:32:33 GMT https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433306#M10202 MuS 2018-05-31T21:32:33Z https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433307#M10203 <P>Plus any ports needed for direct data inputs (like the 514 mentioned in the question, which probably refers to UDP 514 for ingesting syslog).</P> Fri, 01 Jun 2018 06:32:46 GMT https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433307#M10203 FrankVl 2018-06-01T06:32:46Z https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433308#M10204 <P>Thank you Mus and FrankVI, this cleared my confusion. </P> Wed, 06 Jun 2018 18:04:03 GMT https://community.splunk.com/t5/Security/What-are-the-firewall-rules-to-request-for-a-single-test/m-p/433308#M10204 thiru179 2018-06-06T18:04:03Z