Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Does Universal Forwarded supports Server Name Indication (SNI)?

tihomirstoyanov
New Member
‎01-14-2020 05:43 AM

Hi there folks,

I would like to ask if Universal Forwarder can support Server Name Indication (SNI)? That is extension of TLS protocol which can be used by nginx to deploy SNI-based-routing from UF`s to multiple hosts.

INFO:
- We have many clients with on-premise machines/laptops with Universal Forwarders sending traffic to our AWS Splunk Instances (Indexers). Our AWS Instances doesnt have public IPv4 addresses and we would like to deploy single point of contact (nginx) with public IPv4 address for all TCP UFs traffic which then differentiate by destination.

UF -> nginx with public IPv4 (SNI based-routing) -> AWS Target Indexer

Pre-requisites:
We need UF with enabled SSL - this is completed.
We need UF with enabled SNI (Its needed to differentiate destination hosts)

e.g. UF`s will send traffic to:
client1.mydomain.com
client2.mydomain.com

Nginx will then route the traffic to destination.

Have someone tried similar approach before? Also if you could give other suggestion for our solution will be much appreciated!

Thank you.

Kind Regards,
Tihomir Stoyanov

0 Karma
Reply

tihomirvstoyano
Engager
‎02-13-2020 04:45 AM

Hello,

Got an update from our seniors --> Universal Forwarder doesn`t support SNI at the moment.

Thanks,
Tihomir Stoyanov

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...