Security
Highlighted

Splunk Forwarder port 9997 through firewall - bi-directional???

Explorer

I need to submit firewall rules for our Splunk (Linux) Forwarders to connect to port 9997 on the indexers. Does this link need to be bi-directional?

Thanks,

Bill

Highlighted

Re: Splunk Forwarder port 9997 through firewall - bi-directional???

Legend

No, it does not. You only need to allow traffic from the forwarders to the indexers (as long as your firewall is stateful that is).

View solution in original post

Highlighted

Re: Splunk Forwarder port 9997 through firewall - bi-directional???

Explorer

Thanks. That's what I needed to know.

0 Karma
Highlighted

Re: Splunk Forwarder port 9997 through firewall - bi-directional???

Legend

No problem. Please mark my answer as accepted if it solved your problem. Thanks!

0 Karma