I'm looking at deploying Stream in a highly secure environment for collection. I plan on having a dual purpose deployment server, stream search head on premise for stream management, although the data will be forwarded to SplunkCloud.
It shows that the streamfwd will initiate a connection to the SH w/ Stream App and a second connection will be initiated from the SH to the streamfwd.
Are these actually TWO separate connections and do I need a rule allowing TCP/8000 in both directions? Or;
Are these actually a single connection from the UF similar to how the Deployment Server works?