Solved: Restricting NetApp Administration

TMADOCTHOMAS · ‎2021-01-21

In the old 7-mode days, you could create a list of IP addresses on a filer that would restrict administration to someone coming from one of those IP's.

In cluster mode, you can do the same with the SP:

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-sag/GUID-6FE269CD-335F-47C0-B9F7-6EF6E2546E52.html

However, I've not found anything to indicate this can be done for regular SSH access or System Manager access. Does anyone know if this type of restriction exists?

jcolonfzenpr · ‎2021-01-21

You can define service policies or services firewall policy.

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-nmg%2FGUID-09329781-2E57-49E5-B052-EC4D6FEBB41B.html

Jonathan Colón | Blog | Linkedin

View solution in original post

jcolonfzenpr · ‎2021-01-21

You can define service policies or services firewall policy.

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-nmg%2FGUID-09329781-2E57-49E5-B052-EC4D6FEBB41B.html

Jonathan Colón | Blog | Linkedin

TMADOCTHOMAS · ‎2021-01-21

Interesting! Thank you @jcolonfzenpr . I am aware of firewall policies but have never fooled with them.

So essentially I could modify the default "mgmt" policy, which applies to all management LIFs, and change the allow-list to the IP's I want to have access? And that would prevent other IP's from SSH'ing in or accessing via System Manager (assuming I apply to all services)? Am I understanding this right?

paul_stejskal · ‎2021-01-25

Correct. Just modify the firewall and you'll be good to go.

TMADOCTHOMAS · ‎2021-01-25

Thank you @paul_stejskal !