ONTAP Discussions

OnTap 9 trusted hosts

chinchillaking

Hi,

 

In 7-Mode, System Manager could set up trusted hosts to allow specific IP addresses for administration. But in ONTAP 9, I cannot find the trusted hosts setup in System Manager. I also tried modifying the mgmt firewall policy to allow a specific IP address to access mgmt http, https and ssh, and the cluster management LIF also applies the mgmt firewall policy, but another IP could still access and log in. Any idea?


Best regards,

Chung


Ontapforrum

Hi,

 

Trusted host is not supported on cDOT; instead it relies on the firewall & export policy.


Could you share the output of:
::> system services firewall policy show


Configuring firewall service and policies for LIFs & Commands for managing firewall service and policies:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-nmg%2FGUID-09329781-2E57-49E5-B052-EC4D6FEBB41B.html

 

Thanks!

Hi,

 

I know what is going on: it should be defined with a "full subnet mask".

 

If the IP is 192.168.2.1, the firewall should define 192.168.2.1/32 and not 192.168.2.1/24.

 

Best regards,

 

Chung

Thanks for the update. I get your question now.

 

What you have done is: created an 'Individual Host route' by using /32, just a single host.

 

Thanks!

Hi,

 

Define the policy as below.

 

cmode95::> system services firewall policy show -vserver cmode95 -policy mgmt
Vserver Policy       Service    Allowed
------- ------------ ---------- -------------------
cmode95
        mgmt
                     dns        0.0.0.0/0
                     http       192.168.2.1/32
                     https      192.168.2.1/32
                     ndmp       0.0.0.0/0
                     ndmps      0.0.0.0/0
                     ntp        0.0.0.0/0
                     snmp       0.0.0.0/0
                     ssh        192.168.2.1/32
8 entries were displayed.

 

 

Best regards,

 

Chung

Looks good. Well done.
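
Added example, not part of the thread and not NetApp code: a Python check that parses output in the `system services firewall policy show` layout posted above and reports management services (http, https, ssh) whose allow entry covers more than one host, which is the /24 versus /32 difference the thread arrives at. The sample rows are constructed, and the comma-separated handling of multiple allow entries is an assumption about the output format.

```python
import ipaddress

# Constructed sample in the layout shown in the thread; http still has
# the /24 entry that let other hosts on the subnet log in.
SAMPLE = """\
Vserver Policy       Service    Allowed
------- ------------ ---------- -------------------
cmode95
        mgmt
                     dns        0.0.0.0/0
                     http       192.168.2.1/24
                     https      192.168.2.1/32
                     ssh        192.168.2.1/32
"""
ADMIN_SERVICES = {"http", "https", "ssh"}

def parse_policy(text):
    """Return {service: [ip_network, ...]} from 'policy show' output."""
    rules = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # header, separator, vserver and policy name rows
        # Assumption: several allow entries appear comma-separated.
        for cidr in " ".join(fields[1:]).split(","):
            # strict=False: 192.168.2.1/24 has host bits set, yet it
            # still denotes the whole 192.168.2.0/24 network.
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            rules.setdefault(fields[0], []).append(net)
    return rules

def is_allowed(rules, service, client_ip):
    """True if client_ip falls inside any allow entry for the service."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in rules.get(service, []))

def wide_admin_rules(rules):
    """Admin services whose allow entry covers more than one address."""
    return sorted(
        (svc, str(net))
        for svc, nets in rules.items() if svc in ADMIN_SERVICES
        for net in nets if net.num_addresses > 1
    )

if __name__ == "__main__":
    rules = parse_policy(SAMPLE)
    print(wide_admin_rules(rules))
    print(is_allowed(rules, "http", "192.168.2.77"),
          is_allowed(rules, "ssh", "192.168.2.77"))
```
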
