Firewall Open Port WMI

splunk13
Explorer

Hi Splunk community,

I have just a little question. I have some servers in a DMZ. All ports are blocked from inside to this DMZ and from this DMZ to inside.

I use WMI for getting logs with Splunk. Which ports do I need open LAN -> DMZ and DMZ -> LAN? (TCP, I think?)
I don't use a forwarder.

Thank you for your help,

splunk13

0 Karma

splunk13
Explorer

Hi all,

I'm bumping this topic because Ayn's answer doesn't work.

Does anyone have a solution for me?

Thanks for your help!

Splunk13

0 Karma

splunk13
Explorer

OK, thanks for your answer. But has anyone done that before?

0 Karma

Ayn
Legend

What do you mean "it doesn't work"? I didn't have any solution, just pointers to where you can read more about this 🙂

WMI queries are inherently not a Splunk functionality; they are a functionality in Windows, and as such you really should be asking this on a Windows forum, not a Splunk forum.

0 Karma

splunk13
Explorer

Hi Ayn,

Thank you for your fast response!
I need to do this manipulation on my Splunk server, correct?

Regards,

Splunk13

0 Karma

Ayn
Legend

Not really a Splunk question, but here goes:

You don't need to open any ports from your DMZ to your LAN (which is just as well, because that would break the idea of a DMZ). As for communication from your LAN to your DMZ, normally WMI doesn't use fixed ports like that. It uses DCOM. Recent versions of Windows let you set up a fixed port though, more info here: http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447%28v=vs.85%29.aspx

0 Karma
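The fixed-port setup described in the answer above, as an added example that is not part of the original thread or of Splunk's documentation. It assumes Windows Server 2012 or later on the DMZ hosts, uses `192.0.2.10` as a placeholder for the Splunk server's LAN address, keeps the default fixed WMI port 24158 from the linked Microsoft procedure, and uses made-up firewall rule names.

```powershell
# Run elevated on each DMZ server that the Splunk server polls over WMI.
# Assumptions (not from the thread): 192.0.2.10 is a placeholder for the
# Splunk server's LAN address; the rule names are made up for this example.
$SplunkServer = '192.0.2.10'
$WmiFixedPort = 24158   # default endpoint WMI uses once it runs standalone

# 1. Move WMI out of the shared service host so it listens on a fixed DCOM
#    endpoint instead of a dynamically assigned RPC port.
winmgmt /standalonehost

# 2. Restart the WMI service so the new hosting model takes effect.
#    -Force is needed because other services depend on Winmgmt; check that
#    they are running again afterwards.
Restart-Service -Name Winmgmt -Force

# 3. Allow inbound TCP from the Splunk server only. The RPC endpoint mapper
#    (135) is still required: the DCOM client asks it where WMI is listening
#    before it connects to the fixed port.
$rules = @(
    @{ Name = 'WMI-RPC-EPMAP-from-Splunk'; Port = 135 },
    @{ Name = 'WMI-FixedPort-from-Splunk'; Port = $WmiFixedPort }
)
foreach ($r in $rules) {
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $r.Port -RemoteAddress $SplunkServer | Out-Null
}

# 4. Confirm both ports are listening and note which process owns them.
Get-NetTCPConnection -State Listen -LocalPort 135, $WmiFixedPort |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 5. From the Splunk server, verify the path through the perimeter firewall
#    (dmz-host.example is a placeholder host name):
#      Test-NetConnection -ComputerName dmz-host.example -Port 135
#      Test-NetConnection -ComputerName dmz-host.example -Port 24158
```

The perimeter firewall then needs the same two TCP ports allowed LAN -> DMZ for the Splunk server's address and no rule DMZ -> LAN; `winmgmt /sharedhost` followed by a service restart reverts the change.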

krusty
Contributor

Hi, I have a similar problem with remote WMI requests.
We have just set a static port for WMI requests on the remote server. It seems to be working fine. But we noticed on a third-party firewall that the Splunk forwarder tries to connect on ports other than those defined on the remote server.
Is there any configuration possible on the forwarder, like a WMI port configuration or something like that?
In the documentation, I couldn't find any information about this.

I know that WMI is not a Splunk issue, but maybe we can manipulate it with Splunk. 🙂

0 Karma