Security

What should I enable in the firewall to allow collector-SplunkServer communication?

christianubeda
Path Finder

Hi team!

What ports do I need to open, and in what direction? I do not know if I am leaving any out.

Is there any communications table?

Thank you a lot.

0 Karma

nickhills
Ultra Champion

Splunk does not dictate which ports event forwarding uses; however, there is a 'convention'.
The Splunk management port defaults to 8089, but this is also configurable.

As a basic start (and using defaults) the following should allow your Universal Forwarders to communicate with a deployment server and forward events to indexers/intermediate tiers.

UF -> Splunk TCP:9997 (unencrypted event forwarding)
UF -> Splunk TCP:9998 (TLS encrypted event forwarding)
UF -> Deployment Server TCP:8089 (TLS)

There is a great post with diagrams here, which does an awesome job of illustrating all the communications ports:
https://answers.splunk.com/answers/58888/what-are-the-ports-that-i-need-to-open.html

If my comment helps, please give it a thumbs up!
0 Karma
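One way to confirm the firewall change from the forwarder host, added here as an example that is not part of the original answer: it probes each flow listed above and, for the TLS flows, checks that the port actually completes a TLS handshake. The hostnames are placeholders (assumptions) and the ports are the defaults named in the answer.

```python
import socket
import ssl

# Flows from the answer above (Splunk defaults; all are configurable).
# Hostnames are placeholders (assumption): replace them with your own.
FLOWS = [
    ("UF -> indexer, plaintext forwarding", "indexer.example.internal", 9997, False),
    ("UF -> indexer, TLS forwarding", "indexer.example.internal", 9998, True),
    ("UF -> deployment server, management", "ds.example.internal", 8089, True),
]


def check_flow(host, port, expect_tls, timeout=3.0):
    """Return 'ok', 'blocked', 'refused', 'unresolved' or 'not-tls'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except OSError:           # timeouts and unreachable networks land here
        return "blocked"      # typical of a firewall silently dropping SYNs
    with sock:
        if not expect_tls:
            return "ok"
        # Reachability probe only: certificate validation is deliberately
        # switched off here and says nothing about the forwarder's own trust.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):
            return "not-tls"  # port open, but no TLS handshake completed


if __name__ == "__main__":
    # Run this on the Universal Forwarder host: every flow is outbound from it.
    for name, host, port, expect_tls in FLOWS:
        print(f"{name:40} {host}:{port:<5} {check_flow(host, port, expect_tls)}")
```

A "blocked" result points at the firewall, "refused" at the Splunk side not listening on that port, and "not-tls" on 9998 or 8089 at a listener that is not configured for TLS.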