Hi,
I am trying to get a similar setup done. I could not understand the requirement of having ports 5671/5672 open on Splunk for this communication. Can you please elaborate on that, and on how to do that?
In my case, Splunk is initiating a TLS handshake with Azure; however, after the handshake, when Splunk tries to switch the session to AMQP (by sending a SYN on the port for AMQP), it gets the RESET from Azure. I am assuming that the firewall is playing dirty here, as I am behind a Palo Alto; however, I still want to check with you.
Tcpdump capture at the Splunk server:
16:17:35.939016 IP 192.X.X.X.33411 > 104.208.16.3.amqps: Flags [S], seq 2945244674, win 14600, options [mss 1460,sackOK,TS val 435408421 ecr 0,nop,wscale 7], length 0
16:17:35.939190 IP 104.208.16.3.amqps > 192.X.X.X.33411: Flags [R.], seq 0, ack 2945244675, win 14600, length 0