Interesting. So it seems it is the Splunk CLI commands that are failing, not the actual DC -> DS communication. Could it be that the CLI command, under the hood, performs some local REST call to the Splunk daemon or so, which gets blocked by iptables (just wildly thinking out loud here)? Might be something to check with Splunk Support.
Using config files instead of the CLI may not be a bad idea anyway for configuring the deployment client. By putting this config into a small app, you can even manage it from the DS later on, in case you want to tune the phone home interval, or even move clients to a different deployment server.
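
The app-based setup suggested in the reply above, as an added illustration that is not part of the original post. The app name `org_all_deploymentclient`, the host `ds.example.com` and the interval value are placeholders chosen for this example.

```ini
# File: $SPLUNK_HOME/etc/apps/org_all_deploymentclient/local/deploymentclient.conf
# (app name is a placeholder; any app directory under etc/apps works)

[deployment-client]
# How often the client phones home to the deployment server, in seconds.
# 600 is a constructed value for illustration; tune it to your fleet size.
phoneHomeIntervalInSecs = 600

[target-broker:deploymentServer]
# Management host:port of the deployment server (placeholder host).
# Changing this value in the app and redeploying it is how clients
# are moved to a different deployment server later on.
targetUri = ds.example.com:8089
```

Restart splunkd on the client after placing the file. Once the same app is also served by the deployment server, later changes to the interval or `targetUri` can be pushed from there.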