We have an ongoing issue where our team is unable to generate/pull report from VARONIS. in the event logs we could see the errors like Fpolicy.server.disconnect : connection to the fpolicy server 'xx.xx.xx.xx' is broken(Reason: connection to Fpolicy server is broken(EPIPE) received.
Another error log is Fpolicy.server.disconnect : connection to the fpolicy server 'xx.xx.xx.xx' is broken(Reason: Fpolicy server is removed from the external engine)
I have checked the network logs and firewall settings and everything seems to be normal. Any help is highly appreciated.
Even if I try to connect to the fpolicy server thru CLI it is getting connected. But after some time the fpolicy server status is getting changed from connected to disconnected state. Upon checking the logs I could see the reason as below.
Reason for FPolicy Server Disconnection: TCP Connection to FPolicy server failed. ID for FPolicy Server Disconnection: 9307
Any idea what changes has to be done in order to fix this issue permanently.
Hi, not sure what you meant by "Even if I try to connect to the fpolicy server thru CLI it is getting connected." If you can have your storage admin login to the NetApp cluster and run the following command (Replace VS1 with your vserver name that is being monitored) cluster::> vserver show -vserver vs1 -instance
It would return the UUID for the vserver being monitored. Open Varonis Management console - High File server - edit and paste in UUID Under File Server Type. See attached.
This issue is not yet resolved and I am still looking for the permanent sollution. Appreciate response from anyone who has faced this issue in their environment. The main point I want to highlight here is that we have the same setup in another location which has same configuration. I couldn't find any issues related to Fpolicy configuration and moreover we are able to pull/generate reports in Varonis.
Also Fpolicy servers are connected in the Netapp storage array.
1) Added the varonis server to allow http connection in Firewall policy. 2) Configured secondary varonis server in fpolicy 3) Disabled and enable fpolicy services 4) Restarted the services "varonis collector monitor" in varonis server 5) Checked with Networks team to verify whether any TCP connections are getting failed from Source (Netapp Data Lif IP) to Destination (Varonis Server). No flap or glitches observed by networks team. 6) Tried to connect fpolicy engine - But no luck.
The same steps we followed in another Netapp boxand the issue got resolved.