Hello,
I have a Splunk distributed deployment (approx. 20 servers + approx. 100 UFs). On the servers, I configured SSL encryption of management traffic and TLS certificate host name validation:
server.conf
[sslConfig]
enableSplunkdSSL = true
serverCert = <path_to_the_server_certificate>
sslVerifyServerCert = true
sslVerifyServerName = true
sslRootCAPath = <path_to_the_CA_certificate>
Everything is working well - the servers communicate with each other.
But my question is: I use the Deployment server for pushing config to UFs and I am a little bit surprised that management traffic between the UFs and the Deployment server is still flowing (I see all UFs phoning home, I can push config) even though I did not configure encryption or hostname validation on any UF. Is it OK? Does it mean that hostname validation for management traffic cannot be configured on a UF? Or is there a way to configure hostname validation on UFs?
I found only how to configure hostname validation on a UF in outputs.conf for sending collected data to the Indexer, but nothing about management traffic.
Thank you for any hint.
Best regards
Lukas Mecir
Hi there,
Are you sure that the DS initiates the connection? If you disable port 8089 on the UF, the UF is still able to phone home to the DS and receive an app. How can the DS initiate a connection if the UF does not even have a listening port?
It seems communication is initiated from UF to DS.
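A check one could run over each instance's server.conf to see whether the [sslConfig] verification settings from the question are explicitly enabled there. This is an added example, not part of the thread and not Splunk tooling; the parser, the function names and the sample file contents (paths and the `uf-example-01` name included) are constructed for illustration.

```python
REQUIRED_TRUE = ("enableSplunkdSSL", "sslVerifyServerCert", "sslVerifyServerName")
TRUTHY = {"1", "true", "t", "yes", "y"}  # assumption: spellings counted as "on"

def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def audit_sslconfig(text):
    """Return (setting, problem) pairs for the [sslConfig] stanza."""
    ssl = parse_conf(text).get("sslConfig", {})
    findings = []
    for key in REQUIRED_TRUE:
        if key not in ssl:
            findings.append((key, "not set"))
        elif ssl[key].lower() not in TRUTHY:
            findings.append((key, "set to " + ssl[key]))
    # The CA path must be present, otherwise there is nothing to verify against.
    if not ssl.get("sslRootCAPath"):
        findings.append(("sslRootCAPath", "not set"))
    return findings

# Constructed samples: the first mirrors the question's server.conf (paths are
# placeholders), the second is a hypothetical instance with no TLS settings.
SERVER_CONF = """
[sslConfig]
enableSplunkdSSL = true
serverCert = /opt/splunk/etc/auth/example/server.pem
sslVerifyServerCert = true
sslVerifyServerName = true
sslRootCAPath = /opt/splunk/etc/auth/example/ca.pem
"""
UF_CONF = """
[general]
serverName = uf-example-01
"""

if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("uf", UF_CONF)):
        print(name, audit_sslconfig(conf) or "verification settings enabled")
```

"not set" is reported separately from an explicit false value, so the output shows where an instance is relying on whatever default its version applies.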