-
|
We run a few deployable suites for remote IR and Hunt activities. In these use cases we host analyst tools behind a NAT firewall and then enable port forwards for anything we need to be accessible. On these boxes we were planning on transitioning from our existing ELK solution to SO. No matter what I do I can never get any SO service functioning (443, 5044, 9200) across a NAT firewall rule. To clarify they work great sitting on the same subnet. I have tried to so-allow both the "LAN" net that SO is sitting on and the "WAN" net sitting in front of the FW, no dice. All other port forwards for services behind the NAT work great, so I'm assuming this is something with the SO FW / Salt? Any ideas before I build build a log-redirector behind the FW to feed SO lol |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
You would need to look at the minion file and update the IP to the external natted IP address. This really isn't something we currently support so YMMV. |
Beta Was this translation helpful? Give feedback.
-
|
To clarify what I am attempting is shipping Sysmon logs via winlogbeats via a port forward. |
Beta Was this translation helpful? Give feedback.
You would need to look at the minion file and update the IP to the external natted IP address. This really isn't something we currently support so YMMV.