Network and Storage Protocols

File screening issue - DOT 7.3.3

sstidham34
3,035 Views

Recently upgraded from DOT 7.3.1 to 7.3.3 and now trying to deploy fpolicy to block mp3 file uploads to our primary CIFS storage.  Have followed the instructions outlined in

http://now.netapp.com/NOW/knowledge/docs/ontap/rel801/html/ontap/filesag/GUID-0DAD7887-2918-47A3-A8AE-70D3F5308C73.html

but appears the policy is not being enforced. Have run through the steps several times and double/triple-checked our v3140's configuration, but still no luck.

Hopefully it's something simple.  Output from the policy's config below:

filer> fpolicy create Media screen
File policy Media created successfully.
filer> fpolicy ext inc set Media .mp3
filer> fpolicy monitor set Media -p cifs -f create,rename
filer> fpolicy options Media required on
filer> fpolicy enable Media -f
Thu Feb 10 14:12:52 CST [hounas04: fpolicy.fscreen.enable:info]: FPOLICY: File policy Media (file screening) is enabled.
File policy Media (file screening) is enabled.
filer>

...then tried uploading various .mp3 files to filer, each of which succeeded.  Then ran the below for the fpolicy:


filer> fpolicy show Media

File policy Media (file screening) is enabled.

No file policy servers are registered with the filer.

Operations monitored:
File create,File rename
Above operations are monitored for CIFS only

List of extensions to screen:
.MP3

List of extensions not to screen:
Extensions-not-to-screen list is empty.

Number of requests screened          :  0
Number of screen failures            :  0
Number of requests blocked locally   :  0

Any advice is welcomed!

2 REPLIES 2

ekashpureff
3,035 Views

sstidham34 -

Welcome to the Communities.NetApp.com !

Did you turn on 'options fpolicy.enable on' ?

fpolicy.enable
When turned off, this disables all file policies on the filer, overriding the settings for individual file policies. When turned on, the setting of a given file policy determines if that file policy is enabled or disabled.

(It doesn't list the default, and I'm not logged on to any filers)

I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff
ekashp@kashpureff.org
Senior Systems Architect / NetApp Certified Instructor
http://www.linkedin.com/in/eugenekashpureff

(P.S. I appreciate points for helpful or correct answers.)

jayadratha
3,035 Views

Hi! Maybe it's stupid question. But i don't see for which volume enabled fpolicy.

fpolicy vol[ume] {inc[lude]|exc[lude]} {reset|show} PolicyName

http://now.netapp.com/NOW/knowledge/docs/ontap/rel80/html/ontap/filesag/GUID-69695EBB-0A6C-45AA-BF07-EBA1696B3D73.html

Public