We have an ongoing issue where our team is unable to generate/pull report from VARONIS. in the event logs we could see the errors like Fpolicy.server.disconnect : connection to the fpolicy server 'xx.xx.xx.xx' is broken(Reason: connection to Fpolicy server is broken(EPIPE) received.
Another error log is Fpolicy.server.disconnect : connection to the fpolicy server 'xx.xx.xx.xx' is broken(Reason: Fpolicy server is removed from the external engine)
I have checked the network logs and firewall settings and everything seems to be normal. Any help is highly appreciated.
I had a similar issue, confirm that the UUID for the vserver matches UUID in the Varonis management console. To get the UUID on veserver "vserver show -vserver vs1 -instance"
Thanks for the information. Let me check this and update you the status. So if we add the vserver UUID in Varonis Management console it will resolve the issue?
THIS ISSUE IS NOT YET RESOLVED, I HAVE BY MISTAKENLY CLICKED ON SOLUTION PROVIDED.
Even if I try to connect to the fpolicy server thru CLI it is getting connected. But after some time the fpolicy server status is getting changed from connected to disconnected state. Upon checking the logs I could see the reason as below.
Reason for FPolicy Server Disconnection: TCP Connection to FPolicy server failed.
ID for FPolicy Server Disconnection: 9307
Any idea what changes has to be done in order to fix this issue permanently.
Hi, not sure what you meant by "Even if I try to connect to the fpolicy server thru CLI it is getting connected." If you can have your storage admin login to the NetApp cluster and run the following command (Replace VS1 with your vserver name that is being monitored) cluster::> vserver show -vserver vs1 -instance
It would return the UUID for the vserver being monitored. Open Varonis Management console - High File server - edit and paste in UUID Under File Server Type. See attached.
Hi, I have verified the UUID in varonis management console and its matching with Netapp UUID. So i think the issue liase somewhere else.
I am getting error like TCP Connection to FPolicy server failed.
Any ideas or procedure for the permanent solution.
This issue is not yet resolved and I am still looking for the permanent sollution. Appreciate response from anyone who has faced this issue in their environment. The main point I want to highlight here is that we have the same setup in another location which has same configuration. I couldn't find any issues related to Fpolicy configuration and moreover we are able to pull/generate reports in Varonis.
Also Fpolicy servers are connected in the Netapp storage array.
Both the storage arrays version is 8.3.2P10
We have performed the below steps so far.
1) Added the varonis server to allow http connection in Firewall policy.
2) Configured secondary varonis server in fpolicy
3) Disabled and enable fpolicy services
4) Restarted the services "varonis collector monitor" in varonis server
5) Checked with Networks team to verify whether any TCP connections are getting failed from Source (Netapp Data Lif IP) to Destination (Varonis Server). No flap or glitches observed by networks team.
6) Tried to connect fpolicy engine - But no luck.
The same steps we followed in another Netapp boxand the issue got resolved.
Any solutions found?
Most of the time fpolicy does not work at first because of firewall issues.
Either it is a firewall in ONTAP
Or the firewall in the fpolicy server( fpolicy event receiver) which prevents Fpolicy to work properly.
If the firewalls are disabled then it should work fine.
If you can't open the firewall, you need to open a certain range of ports for fpolicy to work.