Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Does Universal Forwarded supports Server Name Indication (SNI)?

tihomirstoyanov
New Member
‎01-14-2020 05:43 AM

Hi there folks,

I would like to ask if Universal Forwarder can support Server Name Indication (SNI)? That is extension of TLS protocol which can be used by nginx to deploy SNI-based-routing from UF`s to multiple hosts.

INFO:
- We have many clients with on-premise machines/laptops with Universal Forwarders sending traffic to our AWS Splunk Instances (Indexers). Our AWS Instances doesnt have public IPv4 addresses and we would like to deploy single point of contact (nginx) with public IPv4 address for all TCP UFs traffic which then differentiate by destination.

UF -> nginx with public IPv4 (SNI based-routing) -> AWS Target Indexer

Pre-requisites:
We need UF with enabled SSL - this is completed.
We need UF with enabled SNI (Its needed to differentiate destination hosts)

e.g. UF`s will send traffic to:
client1.mydomain.com
client2.mydomain.com

Nginx will then route the traffic to destination.

Have someone tried similar approach before? Also if you could give other suggestion for our solution will be much appreciated!

Thank you.

Kind Regards,
Tihomir Stoyanov

0 Karma
Reply

tihomirvstoyano
Engager
‎02-13-2020 04:45 AM

Hello,

Got an update from our seniors --> Universal Forwarder doesn`t support SNI at the moment.

Thanks,
Tihomir Stoyanov

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...