For administration and operation of Gemini Central (formerly Gemini Manage), the following channels between clients and nodes, and internally between the nodes, are required to be open.

| Port | Reason |
| --- | --- |
| 443/TCP | HTTPS access |
| 22/TCP | SSH access |
| 4444/TCP | Internal Gemini cluster communication |

As the Web Interface and SSH console offer low-level system access, try to keep the network settings for them biased towards a ‘host-only’ approach, and make sure they are not exposed to public access (i.e. Anywhere, 0.0.0.0/0). Depending on the deployment, add inbound/outbound rules as needed.
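One way to check the rule above before applying a set of inbound rules is shown here as an added example; it is not part of the Gemini documentation or product. It assumes the rules are expressed in the shape of AWS EC2 `IpPermissions` entries, treats any source wider than 256 addresses as not "host-only" (an assumed threshold), and uses the hypothetical names `audit_inbound` and `SAMPLE_RULES`.

```python
import ipaddress

# Ports from the table above (all TCP).
MGMT_PORTS = {443: "HTTPS access", 22: "SSH access",
              4444: "Internal Gemini cluster communication"}
MAX_HOSTS = 256  # assumption: a source wider than a /24 is not "host-only"

# Constructed sample rules in the shape of AWS EC2 IpPermissions entries.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 4000, "ToPort": 5000,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "udp", "FromPort": 161, "ToPort": 161,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def audit_inbound(permissions, max_hosts=MAX_HOSTS):
    """Return sorted (port, cidr, reason) findings for over-broad management access."""
    findings = set()
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "6", "-1"):
            continue  # the three management ports are TCP only
        if proto == "-1":  # "all traffic": port fields are absent
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        hit = [p for p in MGMT_PORTS if lo <= p <= hi]  # also catches port ranges
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                reason = "open to anywhere"
            elif net.num_addresses > max_hosts:
                reason = "source range wider than %d addresses" % max_hosts
            else:
                continue
            findings.update((p, cidr, reason) for p in hit)
    return sorted(findings)

if __name__ == "__main__":
    for port, cidr, reason in audit_inbound(SAMPLE_RULES):
        print(f"{port}/TCP ({MGMT_PORTS[port]}): {cidr} is {reason}")
```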

For further details, see the following tables.

Common Splunk Service Ports

| Port | Protocol | Direction | Purpose | Customizable |
| --- | --- | --- | --- | --- |
| 8000 | TCP | Client → Non-indexer nodes only | Splunk Web Interface | Yes |
| 8089 | TCP | Client → Appliance | Splunk REST API | Yes |
| 9998 | TCP | Appliance ↔ Appliance | Index Cluster Replication | Yes |
| 9998 | TCP | Appliance ↔ Appliance | Search Head Cluster Replication | Yes |
| 9997 | TCP | Client → Appliance | Splunk Data Forwarding | Yes |

To get the complete list of ports used by Splunk, refer to the official Splunk Enterprise documentation.

Administration and Monitoring Services

| Port | Protocol | Direction | Purpose | Customizable |
| --- | --- | --- | --- | --- |
| 22 | TCP | Client → Appliance | SSH Access | Yes |
| 161 | UDP | Client → Appliance | SNMP Monitoring | |
| 2121 | TCP | Client → Appliance | FTP Service | Yes |

External Resources

| Port | Protocol | Direction | Purpose | Customizable |
| --- | --- | --- | --- | --- |
| 443 | TCP | Appliance → Cloud Repository (updates.geminidata.com) | Integration Center Cloud Repository | |
| 162 | UDP | Appliance → Trap Destination | SNMP Traps | Yes |
| 389 | TCP | Appliance → LDAP Server | LDAP Authentication | Yes |
| 636 | TCP | Appliance → LDAP Server | LDAP over SSL/TLS Authentication | Yes |
| 111, 2049 | TCP | Appliance → NFS Server | NFS Access | |
| 445 | TCP | Appliance → CIFS Server | CIFS/SMB Access (NetBIOS not included) | |
| 443 | TCP | Appliance → S3 Endpoint (<bucket_name>.s3.amazonaws.com) | Amazon S3 Bucket Access | |
| 3260 | TCP | Appliance → iSCSI Target | iSCSI Discovery & Connection | Yes |