Deployment Architecture

Send UF -> Deployment server traffic through a Proxy?

ajiwanand
Path Finder

We have a set of UF in a private network that is totally isolated from the Deployment server. For forwarder to indexer traffic we will use intermediate forwarders however we would also like to utilize the deployment server. Is it possible to configure a UF to point to a deployment server through a proxy?

0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey soutamo,

Yes we'll be using  HTTPS as the DS protocol. My main requirement is to send only DS traffic to the proxy and indexer traffic through normal means. I wasn't entirely sure if using the splunkd as the protocol would allow for sending ONLY HF to DS traffic via proxy? I'll give it a shot

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Indexing traffic is not https it Splunk’s internal defined S2S. So I suppose that it don't use proxy unless you are defining those socks* on outputs.conf file.
I propose that you just test and report back if it works or not.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey@isoutamo 

I tested this and confirmed that once you configure Splunkd to use a proxy, it will use the proxy to contact the DS and it does not affect the forwarder to indexer traffic as it uses S2S.

 

Thanks!

0 Karma

ajiwanand
Path Finder

Fair point! I'll test it out and reply back later.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...