Hi, we're thinking to install the Splunk Cloud Gateway app on a local Splunk Instance not yet connected to internet. Looking at the manual seems that we need to open port to the Cloud Service, but we don't understand if we need also to provide a public ip for our Splunk local Instance or if it's not needed and so it's sufficient to open communication with the Splunk Cloud Service.
Any suggestion or support?
Thanks and best regards
Tomaso
No you don't
The Cloud Gateway makes an outbound connection over https to the cloud-hosted gateway service.
You don't need to open any ingress ports, you just need to allow your splunk instance to access the internet via https.
This page has a diagram:
https://docs.splunk.com/Documentation/Gateway/1.9.0/Installation/Security
The Splunk instance connects outbound over port 443, and then uses the established socket for all the traffic.
Specifically the host it connects to is prod.spacebridge.spl.mobi:443
If my answer helped, please consider accepting and/or upvoting so that other memebers of the community can see it was useful.