Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Firewall openings for communication between indexer and license manager

erw550
Path Finder
‎01-21-2022 05:54 AM

Hello,

In which direction must firewall openings be configured for indexers and search heads to be able to communicate with the license manager and fetch license etc.? Is it only  <search_head/indexer> --> License manager (on port 8089) or both ways, so <search_head/indexer> --> <License_manager> AND 
<License_manager> --> <search_head/indexer> (on port 8089).

I have seen network topologies saying different things regarding this. Is one way enough or do we need both ways on port 8089?

Thank you!

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-21-2022 07:12 AM

Hi

If you are not doing any queries to other servers then it's enough that you open <all nodes which need license> -> LM. Over that it's good to send LM's logs to indexers so it needs access (8089) to CM or indexers. Also you must open ports to IDX which are listening data. 

But if you are running eg. MC on LM then you need 8089 opened bidirectional. Also if you are using DS to configure it, you must open 8089 towards DS.

As you can see things can become quite complicated very easily, if you have several roles on the same server.

r. Ismo

0 Karma
Reply

erw550
Path Finder
‎01-21-2022 07:30 AM

In this case the license manager is a dedicated host. Its internal logs will be sent to the indexer layer on 9997. But in terms of fetching the license, port 8089 towards the license manager should be sufficient or must it be bidirectional? 

Thank you

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-21-2022 07:35 AM

For fetching and reporting the license usage FW should be open from other nodes to LM.

If your indexers are in cluster and you are using indexer discovery then you need also opening from LM to cluster master port 8089. If you are using fixed nodes in outputs.conf then this is not needed.

0 Karma
Reply

SinghK
Builder
‎01-21-2022 06:01 AM

Bidirectional.

 

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...