I have a couple of 9.5P6 VMs running on various versions of ESXi. Recently, I fired one up to do some development, and ran into the "FPolicy servers fail to authenticate due to CVE-2022-38023" problem (as detailed here: https://kb.netapp.com/onprem/ontap/da/NAS/FPolicy_servers_fail_to_authenticate_due_to_CVE-2022-38023 ) which meant I couldn't access its CIFS shares. The problem doesn't exist for later versions on ONTAP, but as far as I'm aware, 9.5P6 is the "last" version that is officially supported for ESXi (and I've tried downloading the 9.13 simulator OVA and deploying that on ESXi, but it fails) I've read that it's possible to upgrade a working instance of 9.5P6 on ESXi to later versions, but when I attempt to download an upgrade image (eg, from here: https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.7P23) I get an "unauthorised access" page. Can anyone give me some advice on what they think the best way forward is? I suppose I could deploy a later simulator on VM Workstation on a Windows ESXi VM, but my experience of running other OS this way is that they are painfully slow.
... View more
I've been trying to add a subnet as a member of a netgroup used in an export policy rule and the hosts in the subnet still do not have access. I've tried both forms of subnet spec (a.b.c.d/m and a.b.c.d/w.x.y.z) and neither seem to work. I can't find any documentation that states that this isn't allowed, nor can I find any that states that it is. Please advise as to if this is possible or not. If it is, it will greatly simplify the administration of access to filesystems for one of our primary applications. We really don't want to have to add new export policy rules to each impacted filesystem, then have to track them all back down later when we need to update the subnet list, that'd be a ton of overhead and quite error prone. Please advise as whether or not this is possible. We are using netgroups serviced from LDAP. Thank you for your attention to this matter.
... View more
Hi, Our client wants to see if their systems could take the additional load of enabling CIFS file auditing. Their systems are very busy, but latency is still within the normal and expected range (AFF700 systems). How do we know and monitor the process responsible for CIFS auditing in OnTap?
... View more
It seems like a big oversight not to allow headers in webhook notifications. Headers often contain essential information like tokens to make the POST call. Also, per the documentation the payload is in XML (1990's called...). If anyone is on here from NetApp, are improvements to 1) allow custom headers and 2) make the payload JSON coming to ONTAP webhooks? The current implementation is unworkable integrating with things like Splunk.
... View more