Security

What are the firewall rules to request for a single test standalone?

New Member

Hello,

We are building up test standalone Splunk on our environment, we decide to use the free version so what are the firewall rules we have to request?

Do we need to request the below ports:
8000 web
8089 management/rest
9997 indexer receiver
8191 KV store
514 Network port
As it is a standalone do I need to open?
8080 Indexer Replication
8181 search Replication
8088 http event collector
8065 app server?

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Hi thiru179,

since this is a standalone server, it should be sufficient if you request TCP port 8000 for the Splunk UI access, and TCP port 9997 to get data into Splunk. TCP port 8089would only be needed if you have deployment clients connecting to this instance, or if you plan to do remote REST API calls. All other ports will be accessible by the instance without firewall rule.

Don't forget access to the server itself, like SSH or RDP depending on platform running Splunk 😉

Hope this helps ...

cheers, MuS

View solution in original post

SplunkTrust
SplunkTrust

Hi thiru179,

since this is a standalone server, it should be sufficient if you request TCP port 8000 for the Splunk UI access, and TCP port 9997 to get data into Splunk. TCP port 8089would only be needed if you have deployment clients connecting to this instance, or if you plan to do remote REST API calls. All other ports will be accessible by the instance without firewall rule.

Don't forget access to the server itself, like SSH or RDP depending on platform running Splunk 😉

Hope this helps ...

cheers, MuS

View solution in original post

Ultra Champion

Plus any ports needed for direct data inputs (like the 514 mentioned in the question, which probably refers to UDP 514 for ingesting syslog).

0 Karma

New Member

Thank you Mus and FrankVI, this cleared my confusion.

0 Karma