Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Security: Phantom IP address "refused to connect" on Google Chrome

smitt66
Engager
‎08-07-2019 07:56 AM

Hello, I'm trying to access the Phantom web servers but when I use the IP address into Chrome, it says it "refused to connect".
I am also running the .ova file in VMware Player 15 and the network adapter is set to NAT.
Is there any way around this so I can access Phantom?
Thanks!

Note: I am attempting to access it from my work computer which has limited internet access, but I hope that doesn't affect too much.

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎08-19-2019 06:16 AM

Are you able to post a screenshot? The out-of-the-box SSL Cert for Phantom webUI is not valid (self signed) so hopefully this is as simple as that and you just need to click the link to proceed.

0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎08-07-2019 09:46 AM

Are you running it locally on your work computer? Are you using port forwarding ?
Normally it would be these ports:
TCP 22 Used for administering the operating system.
TCP 80 Port for requests sent over HTTP. Splunk Phantom redirects all HTTP requests to HTTPS.
TCP 443 HTTPS port for the web interface and REST API. This port must be exposed to access Splunk Phantom services.
so https://ip-address:443 for web interface

But if you're running it locally & using port forwarding it could be:
https://127.0.0.1:8443
(replace with whatever IP/port you've chosen for your host IP and host port)

Reply

smoir_splunk
Splunk Employee
Splunk Employee
‎08-07-2019 10:10 AM

In addition, I'd suggest making sure that you can ping the IP address from the CLI, it's entirely likely that something on your work computer could be preventing the connection. If you can ping the IP address, that means it's at least reachable on your network from your computer.

Reply
Get Updates on the Splunk Community!

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...