Use a proxy server with Splunk Secure Gateway
If you're using a proxy, open port 443 outbound to prod.spacebridge.spl.mobi to enable Splunk Secure Gateway. You can set up a proxy in the server.conf file or set up a Splunk Secure Gateway specific proxy in the securegateway.conf file.
Set up a proxy in the server.conf file
IIf you're using a proxy server, the server must be a forward HTTPS proxy and support HTTP CONNECT. Squid Forward Proxy, Apache Forward Proxy, and Nginx Forward Proxy are tested and verified as compatible. If you're using another forward proxy and running into issues, there might be a configuration issue. See Troubleshoot Splunk Secure Gateway Connection Issues for more information about troubleshooting proxy issues.
Because Splunk Gateway doesn't trust third-party certificates, man-in-the-middle proxy servers are not supported.
To configure your proxy server, see Configure splunkd to use your HTTP Proxy Server in the Splunk Enterprise Admin Manual.
Here's how to edit the server.conf file to configure splunkd to work with your server proxy:
[proxyConfig] https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.> no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">
If you are using a proxy that requires authentication, do not use the pound sign ( # ) or the at symbol ( @ ) in your password. Splunk Secure Gateway misinterprets these keyboard characters in passwords.
Set up a Splunk Secure Gateway specific proxy in the securegateway.conf file
Configuring the [proxyConfig]
stanza in the securegateway.conf file allows all outgoing Splunk Secure Gateway calls to pass through the defined proxy. To set up a Splunk Secure Gateway specific proxy in the cloudgateway.conf file, see the [proxyConfig]
stanza in Configure securegateway.conf.
The [proxyConfig]
stanza in the securegateway.conf file does not affect any other traffic in the splunkd process. For example, if you set the [proxyConfig]
stanza in both the securegateway.conf and the server.conf files, splunkd respects the [proxyConfig]
stanza in the server.conf file for all other traffic.
Get started with Splunk Secure Gateway | Migrate from Splunk Cloud Gateway to Splunk Secure Gateway |
This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.0.2, 2.5.6 Cloud Only, 2.5.7, 2.6.3 Cloud only, 2.7.3 Cloud only, 2.7.4, 2.8.4 Cloud only, 2.9.1 Cloud only, 2.9.3 Cloud only, 2.9.4 Cloud only, 3.0.9, 3.1.2 Cloud only, 3.2.0 Cloud only, 3.3.0 Cloud only, 3.4.251, 3.5.15 Cloud only
Feedback submitted, thanks!