ONTAP Discussions

OnTap 9 trusted hosts

chinchillaking
4,358 Views

Hi,

 

In 7Mode, System Manager could setup trusted hosts allow specific ip address for adminitration. But OnTap 9, I cannot found setup trusted hosts in System Manager, I also try modify firewall policy mgmt allow specific ip address access mgmt http, https and ssh, the cluster management LIF also apply mgmt firewall policy, but another IP still could access and login, any idea?


Best regards,

Chung

5 REPLIES 5

Ontapforrum
4,325 Views

Hi,

 

trusted host is not supported on cDOT, instead it relies on the firewall & export policy.


Could you share the output:
::> system services firewall policy show


Configuring firewall service and policies for LIFs & Commands for managing firewall service and policies:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-nmg%2FGUID-09329781-2E57-49E5-B052-EC4D6FEBB41B.html

 

Thanks!

chinchillaking
4,242 Views

Hi,

 

I know what is going on, it should be define "full subnet mask".

 

If IP is 192.168.2.1, firewall should define 192.168.2.1/32 and not the 192.168.2.1/24.

 

Best regards,

 

Chung

Ontapforrum
4,236 Views

Thanks for the update. I get your question now.

 

What you have done is : Created 'Individual Host route' by using /32, just single host.

 

Thanks!

chinchillaking
4,233 Views

Hi,

 

Define policy as below.

 

cmode95::> system services firewall policy show -vserver cmode95 -policy mgmt
Vserver Policy Service Allowed
------- ------------ ---------- -------------------
cmode95
mgmt
dns 0.0.0.0/0
http 192.168.2.1/32
https 192.168.2.1/32
ndmp 0.0.0.0/0
ndmps 0.0.0.0/0
ntp 0.0.0.0/0
snmp 0.0.0.0/0
ssh 192.168.2.1/32
8 entries were displayed.

 

 

Best regards,

 

Chung

Ontapforrum
4,231 Views

Looks good. Well done.

Public