We have universal forwarders planned for the DMZ. Firewall admins want to limit connectivity to as few ports as possible.
I know the UF needs to connect to the indexer (TCP-9997), but can it live without communicating to the deployment server (TCP-8089)?
No apps are required, and I plan on just configuring inputs.conf directly as only logfile & perfmon counters are required.
So questions needing answers:
1. Will the UF start up and operate if it can't communicate with the deployment server?
2. Is there any configuration required to be done to allow the UF to operate without access to a deployment server?
I've looked at an intermediate forwarder, but f/w admins don't like DMZ hosts talking to each other, so that option is out.