All Apps and Add-ons

Splunk Cloud Gateway install

tomasofacci
Explorer

Hi, we're thinking to install the Splunk Cloud Gateway app on a local Splunk Instance not yet connected to internet. Looking at the manual seems that we need to open port to the Cloud Service, but we don't understand if we need also to provide a public ip for our Splunk local Instance or if it's not needed and so it's sufficient to open communication with the Splunk Cloud Service.
Any suggestion or support?

Thanks and best regards
Tomaso

0 Karma

nickhills
Ultra Champion

No you don't
The Cloud Gateway makes an outbound connection over https to the cloud-hosted gateway service.
You don't need to open any ingress ports, you just need to allow your splunk instance to access the internet via https.

This page has a diagram:
https://docs.splunk.com/Documentation/Gateway/1.9.0/Installation/Security
The Splunk instance connects outbound over port 443, and then uses the established socket for all the traffic.

Specifically the host it connects to is prod.spacebridge.spl.mobi:443

If my comment helps, please give it a thumbs up!

nickhills
Ultra Champion

If my answer helped, please consider accepting and/or upvoting so that other memebers of the community can see it was useful.

If my comment helps, please give it a thumbs up!
0 Karma