Solved: Error while configuring netapp firewall policy for monitoring an SMB CIFS with Netwrix Auditor

Meadastian · ‎2022-09-13

Hello to everyone

We are trying to configure An SMB CIFS svm for auditing with Netwrix auditor.

Ontap is 9.9.1p9 and the netwrix guide for this ontap release tell us to configure the Firewall Policy to let the netwrix server access via HTTPS on port 443

But when we launch the command:

NetAppBB::> system services firewall policy create -policy netwrix_policy -service https -vserver svm-cifs-BB -allow-list 172.18.201.28/24

we receive the following error:

Error: command failed: "https" is an invalid value for the parameter "-service"

the command: NetAppBB::> system services firewall policy create -policy netwrix_policy -service

show: dns http iscsi ndmp ndmps none ntp rsh snmp telnet

so the HTTPS service is missing in the firewall policy.

anyone have an idea to configure the firewall policy to let netwrix access via https?

In older Ontap version we were able to set this policy with no problem.

thank you very much.

Sebastian

Winchester · ‎2022-09-13

Hi Sebastian,

Beginning with ONTAP 9.6, the https and ssh firewall services are not supported. This functionality is now accomplished using a LIF service policy.

See LIFs and service policies in ONTAP 9.6 and later

Kind regards,

--Paul

View solution in original post

Winchester · ‎2022-09-13

Hi Sebastian,

Beginning with ONTAP 9.6, the https and ssh firewall services are not supported. This functionality is now accomplished using a LIF service policy.

See LIFs and service policies in ONTAP 9.6 and later

Kind regards,

--Paul

Meadastian · ‎2022-09-15

thank you @Winchester

Sairajeevmic · ‎2024-01-03

network interface service-policy create -vserver <> -policy <> data-nfs,data-cifs,management-https,data-core,data-fpolicy-client -allowed-addresses <>

in this command -allowed-addresses <>

allowed addresses -> Should we give netwrix server IP's ?