Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Firewall openings for communication between indexer and license manager

erw550
Path Finder
‎01-21-2022 05:54 AM

Hello,

In which direction must firewall openings be configured for indexers and search heads to be able to communicate with the license manager and fetch license etc.? Is it only  <search_head/indexer> --> License manager (on port 8089) or both ways, so <search_head/indexer> --> <License_manager> AND 
<License_manager> --> <search_head/indexer> (on port 8089).

I have seen network topologies saying different things regarding this. Is one way enough or do we need both ways on port 8089?

Thank you!

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-21-2022 07:12 AM

Hi

If you are not doing any queries to other servers then it's enough that you open <all nodes which need license> -> LM. Over that it's good to send LM's logs to indexers so it needs access (8089) to CM or indexers. Also you must open ports to IDX which are listening data. 

But if you are running eg. MC on LM then you need 8089 opened bidirectional. Also if you are using DS to configure it, you must open 8089 towards DS.

As you can see things can become quite complicated very easily, if you have several roles on the same server.

r. Ismo

0 Karma
Reply

erw550
Path Finder
‎01-21-2022 07:30 AM

In this case the license manager is a dedicated host. Its internal logs will be sent to the indexer layer on 9997. But in terms of fetching the license, port 8089 towards the license manager should be sufficient or must it be bidirectional? 

Thank you

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-21-2022 07:35 AM

For fetching and reporting the license usage FW should be open from other nodes to LM.

If your indexers are in cluster and you are using indexer discovery then you need also opening from LM to cluster master port 8089. If you are using fixed nodes in outputs.conf then this is not needed.

0 Karma
Reply

SinghK
Builder
‎01-21-2022 06:01 AM

Bidirectional.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...