ONTAP Discussions

Restricting NetApp Administration

TMADOCTHOMAS
1,019 Views

In the old 7-mode days, you could create a list of IP addresses on a filer that would restrict administration to someone coming from one of those IP's.

 

In cluster mode, you can do the same with the SP:

 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-sag/GUID-6FE269CD-335F-47C0-B9F7-6EF6E2546E52.html

 

However, I've not found anything to indicate this can be done for regular SSH access or System Manager access. Does anyone know if this type of restriction exists?

1 ACCEPTED SOLUTION

jcolonfzenpr
993 Views
4 REPLIES 4

jcolonfzenpr
994 Views

TMADOCTHOMAS
984 Views

Interesting! Thank you @jcolonfzenpr . I am aware of firewall policies but have never fooled with them.

 

So essentially I could modify the default "mgmt" policy, which applies to all management LIFs, and change the allow-list to the IP's I want to have access? And that would prevent other IP's from SSH'ing in or accessing via System Manager (assuming I apply to all services)? Am I understanding this right?

paul_stejskal
911 Views

Correct. Just modify the firewall and you'll be good to go.

TMADOCTHOMAS
906 Views

Thank you @paul_stejskal !

Public