Security

Splunk Forwarder port 9997 through firewall - bi-directional???

Explorer

I need to submit firewall rules for our Splunk (Linux) Forwarders to connect to port 9997 on the indexers. Does this link need to be bi-directional?

Thanks,

Bill

1 Solution

Legend

No, it does not. You only need to allow traffic from the forwarders to the indexers (as long as your firewall is stateful that is).

View solution in original post

Legend

No, it does not. You only need to allow traffic from the forwarders to the indexers (as long as your firewall is stateful that is).

View solution in original post

Legend

No problem. Please mark my answer as accepted if it solved your problem. Thanks!

0 Karma

Explorer

Thanks. That's what I needed to know.

0 Karma