All Apps and Add-ons

Splunk Mobile & DMZ: Which ports should be open ?

alemarzu
Motivator

I am trying to configure Splunk Mobile Access on one of our customers, and I couldn't find much information regarding its requirements.

We are mounting a DMZ and the first thing we need is to open the ports, but I am not sure which of them, we made it work inside our LAN, but our customer is expecting us to tell them which ports should be open and on which direction.

As far as we know, ports 8000 and 8089 are needed inbound, but as the Splunk Mobile App can receive notifications, I guess that some other port should be opened, some outbound port.

And one more thing, in this page http://docs.splunk.com/Documentation/MobileApp/2.2.0/Install/Requirements and to be more precise "Limitations", what if I'm using the Splunk Mobile App WITH Splunk Add-on for Mobile Access, do I have to use other instead of 8000 & 8089 ?

KR, alemarzu.

0 Karma
1 Solution

roym_splunk
Splunk Employee
Splunk Employee

Hi:
For you first question: you need to open TCP port 443 outbound for the Google Cloud Message service and TCP port 2195 outbound for the Apple Push Notification service to receive the notification for the mobile device.
About your second question: Yes, you can. Actually, you can use any of the port you designate. And the story about 8000 and 8089 is that if you designate and open 8000 inbound for web with add-on installed or 8089 inbound for splunk management port without add-on installed (you don't need to open both of them, either option works), then you don't need to append the port in your host url on the login page of the Splunk Mobile App. url like: https://yourhost.com should work. Otherwise, if other port are designated, you have to append port in the url, like https://yourhost.com:8021, 8021 is not the default port, so it has to be there. The doc may be not clear about this, we'll update the doc to make it more clear to the user.
If you have more confusion about this, feel free to leave comment here and I'll try to help you. Thanks.

View solution in original post

roym_splunk
Splunk Employee
Splunk Employee

Hi:
For you first question: you need to open TCP port 443 outbound for the Google Cloud Message service and TCP port 2195 outbound for the Apple Push Notification service to receive the notification for the mobile device.
About your second question: Yes, you can. Actually, you can use any of the port you designate. And the story about 8000 and 8089 is that if you designate and open 8000 inbound for web with add-on installed or 8089 inbound for splunk management port without add-on installed (you don't need to open both of them, either option works), then you don't need to append the port in your host url on the login page of the Splunk Mobile App. url like: https://yourhost.com should work. Otherwise, if other port are designated, you have to append port in the url, like https://yourhost.com:8021, 8021 is not the default port, so it has to be there. The doc may be not clear about this, we'll update the doc to make it more clear to the user.
If you have more confusion about this, feel free to leave comment here and I'll try to help you. Thanks.

alemarzu
Motivator

Thank you so much ryom 😉

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...