1. Protocols: I am assuming that everything is running on TCP, but perhaps UDP is required as well.
2. Permission: there is no mention of the permission set for the Splunk Universal forwarder. This should be run on an account other than admin. We need to get very specific here.
3. Network communication instantiation: is communication with the universal forwarder bi-lateral, or uni-lateral pushing information out? This will be important for the firewall rules to be set up properly.