ONTAP Discussions

OnTap 9 trusted hosts

Hi,

In 7-Mode, System Manager could set up trusted hosts to allow specific IP addresses for administration. But in ONTAP 9, I cannot find the trusted hosts setup in System Manager. I also tried modifying the firewall policy mgmt to allow a specific IP address to access mgmt http, https and ssh, and the cluster management LIF also applies the mgmt firewall policy, but another IP could still access and log in. Any idea?


Best regards,

Chung


Re: OnTap 9 trusted hosts

Hi,

Trusted host is not supported on cDOT; instead, it relies on the firewall and export policy.


Could you share the output:
::> system services firewall policy show


Configuring firewall service and policies for LIFs & Commands for managing firewall service and policies:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-nmg%2FGUID-09329781-2E57-49E5-B052-EC4D6FEBB41B.html

Thanks!

Re: OnTap 9 trusted hosts

Hi,

I know what is going on: it should be defined with the "full subnet mask".

If the IP is 192.168.2.1, the firewall should define 192.168.2.1/32 and not 192.168.2.1/24.

Best regards,

Chung

Re: OnTap 9 trusted hosts

Thanks for the update. I get your question now.

What you have done is: created an 'Individual Host route' by using /32, just a single host.

Thanks!

Re: OnTap 9 trusted hosts

Hi,

Define policy as below.

cmode95::> system services firewall policy show -vserver cmode95 -policy mgmt
Vserver Policy       Service    Allowed
------- ------------ ---------- -------------------
cmode95
        mgmt
                     dns        0.0.0.0/0
                     http       192.168.2.1/32
                     https      192.168.2.1/32
                     ndmp       0.0.0.0/0
                     ndmps      0.0.0.0/0
                     ntp        0.0.0.0/0
                     snmp       0.0.0.0/0
                     ssh        192.168.2.1/32
8 entries were displayed.

Best regards,

Chung

Re: OnTap 9 trusted hosts

Looks good. Well done.
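
Added example (not part of any post in this thread, and not NetApp code): a small Python audit that parses "system services firewall policy show" output and flags http, https and ssh rules that admit more than the intended admin host, which is the /24 versus /32 difference discussed above. The function names and the BEFORE sample are constructed for illustration, and the code assumes the firewall applies the mask in the usual CIDR way.

```python
import ipaddress

ADMIN_SERVICES = {"http", "https", "ssh"}  # services restricted in the thread

# Policy output as posted in the thread (the working /32 state).
AFTER = """\
Vserver Policy Service Allowed
------- ------------ ---------- -------------------
cmode95
mgmt
dns 0.0.0.0/0
http 192.168.2.1/32
https 192.168.2.1/32
ndmp 0.0.0.0/0
ndmps 0.0.0.0/0
ntp 0.0.0.0/0
snmp 0.0.0.0/0
ssh 192.168.2.1/32
8 entries were displayed.
"""
# Constructed "before" state: the same policy written with the /24 mask.
BEFORE = AFTER.replace("192.168.2.1/32", "192.168.2.1/24")

def parse_policy(text):
    """Map each service to the list of networks allowed for it."""
    rules = {}
    for line in text.splitlines():
        parts = line.split()
        # Rule rows end in "<service> <cidr[,cidr]>"; skip headers and names.
        if len(parts) < 2 or "/" not in parts[-1]:
            continue
        # strict=False masks host bits: 192.168.2.1/24 becomes 192.168.2.0/24
        # (assumption: the firewall applies the mask the same way).
        nets = [ipaddress.ip_network(c, strict=False) for c in parts[-1].split(",")]
        rules.setdefault(parts[-2], []).extend(nets)
    return rules

def audit(text, admin_hosts):
    """Return (service, network, reason) for admin rules wider than intended."""
    hosts = {ipaddress.ip_address(h) for h in admin_hosts}
    findings = []
    for svc, nets in sorted(parse_policy(text).items()):
        for net in nets if svc in ADMIN_SERVICES else []:
            if net.num_addresses > 1:
                findings.append((svc, str(net), f"admits {net.num_addresses} addresses"))
            elif net.network_address not in hosts:
                findings.append((svc, str(net), "host not in admin list"))
    return findings
```

Calling audit(BEFORE, ["192.168.2.1"]) reports all three admin services as open to 256 addresses, while audit(AFTER, ["192.168.2.1"]) returns an empty list.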
