How can I set up a VPN connection for Splunk Cloud users?

premforsplunk
Explorer

Hi Folks,

Looking to set up a Splunk Cloud instance for my organization. Does the cloud version offer a VPN connection? Ideally I would want my colleagues to enter a VPN and then access Splunk Cloud.

Looking to set this up more securely; please do tell me how security fares in the Splunk Cloud version.

0 Karma

esix_splunk
Splunk Employee

Splunk Cloud doesn't support VPN. However, Splunk Cloud does support the use of ACL restrictions, so your organization can provide a list of IP addresses, or a range. Once this is implemented, only hosts in that range can access the instances.

Additionally, some of the SAML providers can provide 2FA authentication. You can check on http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/FAQs/FAQs

0 Karma

jkc
Engager

Hi, has this changed since the original post, or does Splunk Cloud still not support use of a site-to-site VPN with the customer network? Thank you.

0 Karma

PickleRick
SplunkTrust

Since the access can be limited to a set(s) of source addresses, the web access is protected by TLS and the forwarder access can be protected by mutual TLS authentication, there is really no need for VPN as such.

If you really, really need something VPN-like, you could force your users to use an on-premise web-proxy and limit your Cloud access to that proxy only. It seems a bit pointless but it's possible.

What is the problem you're trying to solve with "VPN"?

0 Karma

jkc
Engager

Thanks for the reply. The requirement comes from organisation security standards. Could you expand on how this would be configured: "the forwarder access can be protected by mutual TLS authentication"? If we can limit access to specific users and devices based on client certs, this may satisfy the requirement.

0 Karma

PickleRick
SplunkTrust

Splunk inputs support TLS-level certificate authentication. If you set requireClientCert=true, you can, as the name says, require all connecting forwarders to present a valid certificate. There are additional settings which can limit access to specific SANs only. Then you configure your local forwarders to use client certs when connecting and you're set.

IP limiting is a standard feature on inputs.

One caveat - since we're talking about Cloud, you might have to contact support to set up the authentication on the Cloud's side.

WebUI access is another thing. I don't think you can authenticate users with certs here but - honestly - I don't see the point.
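
An added example, not part of the thread or Splunk's own code: a small Python check that audits a receiver-side inputs.conf for the controls mentioned above (requireClientCert, a SAN/CN restriction, and IP limiting via acceptFrom). The sample configs, certificate path, and host names are constructed; setting names follow Splunk's inputs.conf spec and should be confirmed against your version.

```python
import configparser

# Constructed samples (not from the thread); paths and hosts are placeholders.
WEAK = """
[splunktcp-ssl:9997]

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/indexer.pem
requireClientCert = false
"""
HARDENED = """
[splunktcp-ssl:9997]
acceptFrom = 192.0.2.0/24

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/indexer.pem
requireClientCert = true
sslAltNameToCheck = fwd01.example.com, fwd02.example.com
"""
TRUTHY = {"true", "1"}  # assumption: booleans are written as true/1


def audit_inputs(conf_text):
    """Return findings for a receiver-side inputs.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # Splunk setting names are case-sensitive
    cp.read_string(conf_text)
    findings = []
    ssl = cp["SSL"] if cp.has_section("SSL") else {}
    tls_inputs = [s for s in cp.sections() if s.startswith("splunktcp-ssl:")]
    # A plain [splunktcp:<port>] stanza accepts forwarders without TLS at all.
    for s in cp.sections():
        if s.startswith("splunktcp:"):
            findings.append(f"[{s}] plaintext forwarder input is enabled")
    if not tls_inputs:
        findings.append("no [splunktcp-ssl:<port>] input is defined")
    if ssl.get("requireClientCert", "false").strip().lower() not in TRUTHY:
        findings.append("requireClientCert is not true: no client cert needed")
    elif not (ssl.get("sslAltNameToCheck") or ssl.get("sslCommonNameToCheck")):
        findings.append("no SAN/CN allow-list: any cert from the trusted CA passes")
    for s in tls_inputs:
        if cp[s].get("acceptFrom", "*").strip() in ("", "*"):
            findings.append(f"[{s}] acceptFrom does not restrict source IPs")
    return findings


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_inputs(text) or "ok")
```

On Splunk Cloud the receiving side is managed by Splunk, so a check like this applies to indexers or intermediate forwarders you run yourself.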
