Splunk® Secure Gateway

Administer Splunk Secure Gateway

Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.

Use a proxy server with Splunk Secure Gateway

If you're using a proxy, open port 443 outbound to prod.spacebridge.spl.mobi to enable Splunk Secure Gateway. You can set up a proxy in the server.conf file or set up a Splunk Secure Gateway specific proxy in the securegateway.conf file.

Set up a proxy in the server.conf file

IIf you're using a proxy server, the server must be a forward HTTPS proxy and support HTTP CONNECT. Squid Forward Proxy, Apache Forward Proxy, and Nginx Forward Proxy are tested and verified as compatible. If you're using another forward proxy and running into issues, there might be a configuration issue. See Troubleshoot Splunk Secure Gateway Connection Issues for more information about troubleshooting proxy issues.

Because Splunk Gateway doesn't trust third-party certificates, man-in-the-middle proxy servers are not supported.

To configure your proxy server, see Configure splunkd to use your HTTP Proxy Server in the Splunk Enterprise Admin Manual.

Here's how to edit the server.conf file to configure splunkd to work with your server proxy:

https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>  
no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost,, ::1">

If you are using a proxy that requires authentication, do not use the pound sign ( # ) or the at symbol ( @ ) in your password. Splunk Secure Gateway misinterprets these keyboard characters in passwords.

Set up a Splunk Secure Gateway specific proxy in the securegateway.conf file

Configuring the [proxyConfig] stanza in the securegateway.conf file allows all outgoing Splunk Secure Gateway calls to pass through the defined proxy. To set up a Splunk Secure Gateway specific proxy in the cloudgateway.conf file, see the [proxyConfig] stanza in Configure securegateway.conf.

The [proxyConfig] stanza in the securegateway.conf file does not affect any other traffic in the splunkd process. For example, if you set the [proxyConfig] stanza in both the securegateway.conf and the server.conf files, splunkd respects the [proxyConfig] stanza in the server.conf file for all other traffic.

Last modified on 14 June, 2021
Get started with Splunk Secure Gateway   Migrate from Splunk Cloud Gateway to Splunk Secure Gateway

This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.0.2, 2.5.6 Cloud Only, 2.5.7, 2.6.3 Cloud only, 2.7.3 Cloud only, 2.7.4, 2.8.4 Cloud only, 2.9.1 Cloud only, 2.9.3 Cloud only, 2.9.4 Cloud only, 3.0.9, 3.1.2 Cloud only, 3.2.0 Cloud only, 3.3.0 Cloud only, 3.4.251, 3.5.15 Cloud only

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters