Firewall Open Port WMI

splunk13
Explorer

Hi Splunk community,

I have just a little question: I have some servers in a DMZ. All ports are blocked from inside to this DMZ and from this DMZ to inside.

I use WMI to get logs with Splunk. Which ports do I need to open LAN -> DMZ and DMZ -> LAN? (TCP, I think?)
I don't use a forwarder.

Thank you for your help,

splunk13

0 Karma

splunk13
Explorer

Hi all,

I am bumping this topic because Ayn's answer doesn't work.

Does anyone have a solution for me?

Thanks for your help!

Splunk13

0 Karma

splunk13
Explorer

OK, thanks for your answer. But has anyone done that before?

0 Karma

Ayn
Legend

What do you mean "it doesn't work"? I didn't have any solution, just pointers to where you can read more about this 🙂

WMI querying is inherently not Splunk functionality; it is functionality in Windows, and as such you really should be asking this on a Windows forum, not a Splunk forum.

0 Karma

splunk13
Explorer

Hi Ayn,

Thank you for your fast response!
I need to do this manipulation on my Splunk server, correct?

Regards,

Splunk13

0 Karma

Ayn
Legend

Not really a Splunk question, but here goes:

You don't need to open any ports from your DMZ to your LAN (which is just as well, because that would break the idea of a DMZ). As for communication from your LAN to your DMZ, normally WMI doesn't use fixed ports like that. It uses DCOM. Recent versions of Windows let you set up a fixed port though, more info here: http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447%28v=vs.85%29.aspx

0 Karma
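
Ayn's answer above points to Microsoft's fixed-port procedure for WMI. As an added example (not part of the original thread), this is that setup on one DMZ server, with the host firewall scoped to the Splunk server only. The Splunk server address and the rule names are constructed placeholders; the perimeter firewall needs the same two TCP ports (135 and the fixed WMI port) allowed LAN -> DMZ and nothing DMZ -> LAN.

```powershell
# Run in an elevated PowerShell session on each DMZ server queried over WMI.
# Constructed placeholder: address of the Splunk server on the LAN.
$SplunkServer = '192.0.2.10'
# Port used in Microsoft's fixed-port procedure; confirm it on your host in step 2.
$WmiFixedPort = 24158

# 1. Run WMI in its own host process so it listens on a fixed port
#    instead of a dynamically assigned DCOM port, then restart the service.
winmgmt -standalonehost
Restart-Service -Name Winmgmt -Force

# 2. Confirm the service is actually listening on the expected port
#    before any firewall rule is written for it.
$listener = Get-NetTCPConnection -State Listen -LocalPort $WmiFixedPort -ErrorAction SilentlyContinue
if (-not $listener) {
    throw "WMI is not listening on TCP $WmiFixedPort; check the DCOM endpoint configuration."
}

# 3. Allow only the Splunk server to reach the RPC endpoint mapper (135)
#    and the fixed WMI port. No outbound DMZ -> LAN rule is created.
foreach ($port in 135, $WmiFixedPort) {
    New-NetFirewallRule -DisplayName "WMI-from-Splunk-TCP-$port" `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $port -RemoteAddress $SplunkServer | Out-Null
}

# 4. Review what was created.
Get-NetFirewallRule -DisplayName 'WMI-from-Splunk-TCP-*' |
    Get-NetFirewallPortFilter |
    Select-Object InstanceID, Protocol, LocalPort

# To return WMI to the shared host process later:
#   winmgmt -sharedhost
#   Restart-Service -Name Winmgmt -Force
```

From the Splunk server, `Test-NetConnection -ComputerName <dmz-host> -Port 135` and the same call with the fixed WMI port should both report `TcpTestSucceeded : True` once the perimeter firewall rules are in place.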

krusty
Contributor

Hi, I have a similar problem with remote WMI requests.
We have just set a static port for WMI requests on the remote server. It seems to be working fine. But we noticed on a third-party firewall that the Splunk forwarder tries to connect on ports other than the one defined on the remote server.
Is there any configuration possible on the forwarder, like a WMI port configuration or something like that?
I couldn't find any information about this in the documentation.

I know that WMI is not a Splunk issue, but maybe we can manipulate it through Splunk. 🙂

0 Karma