ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Error while configuring netapp firewall policy for monitoring an SMB CIFS with Netwrix Auditor

Meadastian
‎2022-09-13 07:57 AM
2,180 Views

Hello to everyone

We are trying to configure An SMB CIFS svm for auditing with Netwrix auditor.

Ontap is 9.9.1p9 and the netwrix guide for this ontap release tell us to configure the Firewall Policy to let the netwrix server access via HTTPS on port 443

But when we launch the command:

NetAppBB::> system services firewall policy create -policy netwrix_policy -service https -vserver svm-cifs-BB -allow-list 172.18.201.28/24

we receive the following error:

Error: command failed: "https" is an invalid value for the parameter "-service"

 

the command: NetAppBB::> system services firewall policy create -policy netwrix_policy -service

show: dns    http   iscsi  ndmp   ndmps  none   ntp    rsh    snmp   telnet

 

so the HTTPS service is missing in the firewall policy.

anyone have an idea to configure the firewall policy to let netwrix access via https?

In older Ontap version we were able to set this policy with no problem.

thank you very much.

Sebastian

0 Kudos
1 ACCEPTED SOLUTION

Winchester
‎2022-09-13 10:22 AM
2,160 Views

Hi Sebastian,

 

Beginning with ONTAP 9.6, the https and ssh firewall services are not supported. This functionality is now accomplished using a LIF service policy.

 

See LIFs and service policies in ONTAP 9.6 and later 

 

Kind regards,

 

--Paul

View solution in original post

3 REPLIES 3

Winchester
‎2022-09-13 10:22 AM
2,161 Views

Hi Sebastian,

 

Beginning with ONTAP 9.6, the https and ssh firewall services are not supported. This functionality is now accomplished using a LIF service policy.

 

See LIFs and service policies in ONTAP 9.6 and later 

 

Kind regards,

 

--Paul

Meadastian
‎2022-09-15 05:44 AM
In response to Winchester
2,053 Views

thank you @Winchester 

0 Kudos

Sairajeevmic
‎2024-01-03 05:57 AM
In response to Winchester
1,243 Views

network interface service-policy create -vserver <> -policy <> data-nfs,data-cifs,management-https,data-core,data-fpolicy-client -allowed-addresses <>

in this command  -allowed-addresses <>   

 

allowed addresses -> Should we give netwrix server IP's ?

0 Kudos
All Community Forums
Public