ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Native fpolicy questions

LimorK
‎2024-07-22 11:44 PM
707 Views

Hello all,

 

Ontap 9.13.1

After enabling native fpolicy we encountered some quiestions:

1) How do we modify the disallowed extensions file. The current kb is a bit unclear about that.

2) After modifying the above file, how do we make sure this is the version used on all enabled svms.

3) What is the path of the original disallowed extensions file?

 

 

 

0 Kudos
1 ACCEPTED SOLUTION

ChLokesh
NetApp
‎2024-07-30 05:26 AM
498 Views

Hello There, 

Please find the answers below.

 

1) How do we modify the disallowed extensions file. The current kb is a bit unclear about that.
Use the vserver fpolicy policy scope modify -file-extensions-to-include command to add (Block)or remove (Unblock) specific file extentioss.
https://docs.netapp.com/us-en/ontap-cli-98/vserver-fpolicy-policy-scope-modify.html#parameters 

 

2) After modifying the above file, how do we make sure this is the version used on all enabled svms.
Run a vserver fpolicy policy scope show -vserver <VSERVER_NAME> to check the include (Blocked) and exclude (Unblocked) extesnions

 

3) What is the path of the original disallowed extensions file?\
There is no path or file for these disallowed extentions/

View solution in original post

2 REPLIES 2

SpindleNinja
A-Team Tech Advisor A-Team Tech Advisor
‎2024-07-29 06:25 AM
540 Views

If this is the same KB I'm thinking about.   IIRC - You basically need to delete the existing native fpolicy config via the CLI and then reapply it via the GUI after making your edits.   

ChLokesh
NetApp
‎2024-07-30 05:26 AM
499 Views

Hello There, 

Please find the answers below.

 

1) How do we modify the disallowed extensions file. The current kb is a bit unclear about that.
Use the vserver fpolicy policy scope modify -file-extensions-to-include command to add (Block)or remove (Unblock) specific file extentioss.
https://docs.netapp.com/us-en/ontap-cli-98/vserver-fpolicy-policy-scope-modify.html#parameters 

 

2) After modifying the above file, how do we make sure this is the version used on all enabled svms.
Run a vserver fpolicy policy scope show -vserver <VSERVER_NAME> to check the include (Blocked) and exclude (Unblocked) extesnions

 

3) What is the path of the original disallowed extensions file?\
There is no path or file for these disallowed extentions/

Announcements
All Community Forums
Public