Network and Storage Protocols

What is the way to configure Netapp so that only authorized hosts can access.

novice
5,426 Views

I have Netapp version 8.2.2.   I have the following security violation on it after scanned with security tool.

It said that the solution is to "configure NFS on the remote host so that only authorized hosts can mount its remote shares".

There are 12 servers, which are in a cluster, and additional 5 servers access and share the file system.   What is the way to build the access list so that only these 17 servers can access the Netapp?

 

========================================================================================

 

 

Synopsis :
It is possible to access NFS shares on the remote host.

Description :
At least one of the NFS shares exported by the remote server could be
mounted by the scanning host. An attacker may be able to leverage
this to read (and possibly write) files on remote host.

The following NFS shares could be mounted :

+ /vol/LUN_RDM011_vol
+ Contents of /vol/LUN_RDM011_vol :
- .
- ..
- .snapshot
- LUN_RDM11

+ /vol/LUN_RDM012_vol
+ Contents of /vol/LUN_RDM012_vol :
- .
- ..
- .snapshot
- LUN_RDM12

+ /vol/LUN_RDM21_vol
+ Contents of /vol/LUN_RDM21_vol :
- .
- ..
- .snapshot
- LUN_RDM21

+ /vol/LUN_RDM22_vol
+ Contents of /vol/LUN_RDM22_vol :
- .
- ..
- .snapshot
- LUN_RDM22

+ /vol/LUN_RDM41_vol
+ Contents of /vol/LUN_RDM41_vol :
- .
- ..
- .snapshot
- LUN_RDM41

+ /vol/LUN_RDM51_vol
+ Contents of /vol/LUN_RDM51_vol :

....

....


Solution :
Configure NFS on the remote host so that only authorized hosts can
mount its remote shares.

1 ACCEPTED SOLUTION

jcolonfzenpr
5,276 Views

Look for client permission for Export.,

Jonathan Colón | Blog | Linkedin

View solution in original post

3 REPLIES 3

pedro_rocha
5,402 Views

Hello,

 

I believe you have an export policy specifying 0.0.0.0/0 as the client specification. In that way, all the networks are allowed to access the exports for volumes with the export policy.

 

So you should create more restrictive export policies specifying the client IPs.

 

This documentation may help you: https://library.netapp.com/ecm/ecm_download_file/ECMP1331695

(Creating an export policy in System Manager).

 

Regards,

Pedro

 

novice
5,295 Views

Thank you for your reply.   

On my Netapp Ondemand System manager Version: 3.1, I don't see an export policy on the left tree.   My Netapp is version 8.2.2.   If I (or can I upgrade the system manager only without Netapp upgrade?) upgrade the System Manager, will there be export policy menu on the left tree?   

 

jcolonfzenpr
5,277 Views

Look for client permission for Export.,

Jonathan Colón | Blog | Linkedin
Public