<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic ONTAP System Manager IP Limiting in ONTAP Discussions</title>
    <link>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/161699#M36948</link>
    <description>&lt;DIV&gt;Hi,&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;I am wondering if it is possible to block all access to the NetApp ONTAP System Manager web console on port 80/443 unless you have a specific IP address?&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;I want to only allow staff within our IT department to be able to connect to the web console and only from their own computers with fixed IP addresses.&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;Best Regards&lt;/DIV&gt;&lt;DIV&gt;Jamie&lt;/DIV&gt;</description>
    <pubDate>Wed, 04 Jun 2025 10:43:15 GMT</pubDate>
    <dc:creator>JamieTalbot</dc:creator>
    <dc:date>2025-06-04T10:43:15Z</dc:date>
    <item>
      <title>ONTAP System Manager IP Limiting</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/161699#M36948</link>
      <description>&lt;DIV&gt;Hi,&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;I am wondering if it is possible to block all access to the NetApp ONTAP System Manager web console on port 80/443 unless you have a specific IP address?&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;I want to only allow staff within our IT department to be able to connect to the web console and only from their own computers with fixed IP addresses.&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;Best Regards&lt;/DIV&gt;&lt;DIV&gt;Jamie&lt;/DIV&gt;</description>
      <pubDate>Wed, 04 Jun 2025 10:43:15 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/161699#M36948</guid>
      <dc:creator>JamieTalbot</dc:creator>
      <dc:date>2025-06-04T10:43:15Z</dc:date>
    </item>
    <item>
      <title>Re: ONTAP System Manager IP Limiting</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/161701#M36949</link>
      <description>&lt;P&gt;Hi Jamie,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If I understand the question correctly, you should be able to block access to the System Manager Web server with firewall rules in ONTAP itself.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Prior to ONTAP 9.5 (or so), these were called "Firewall Policies". On the CLI you use "system services firewall policy ...".&lt;/P&gt;&lt;P&gt;In newer releases they are termed "LIF Service Policies" and are accessed via "network interface service-policy ...".&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Obviously those are configured per LIF. You would need to add a new policy for the admin and node vservers of the cluster.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Status of the firewall itself can be seen with "system services firewall show". I think by default it is normally on, but does not do any logging (that's what I see here, on an ONTAP 9.7 system). It might be useful to enable logging for testing or longer term for analytics/correlation/intrusion detection.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Given the nature of your question, you may also want to think about how to limit access to the Service Processor, typically a physically separate piece of hardware, accessed via a URI ending in ".../spi/", which can give access to the system logs, for example. But I am not sure if that can also be done via this same mechanism ...&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Cheers,&lt;/P&gt;&lt;P&gt;Robb.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 02 Dec 2020 15:46:56 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/161701#M36949</guid>
      <dc:creator>WAFLHERDER</dc:creator>
      <dc:date>2020-12-02T15:46:56Z</dc:date>
    </item>
    <item>
      <title>Re: ONTAP System Manager IP Limiting</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/162134#M37026</link>
      <description>&lt;P&gt;One idea will be to separate the management from data network. You can create a management VLAN for them.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 15 Dec 2020 08:17:32 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-System-Manager-IP-Limiting/m-p/162134#M37026</guid>
      <dc:creator>Mjizzini</dc:creator>
      <dc:date>2020-12-15T08:17:32Z</dc:date>
    </item>
  </channel>
</rss>

