
File screening issue - DOT 7.3.3

sstidham34

Recently upgraded from DOT 7.3.1 to 7.3.3 and now trying to deploy fpolicy to block mp3 file uploads to our primary CIFS storage.  Have followed the instructions outlined in

http://now.netapp.com/NOW/knowledge/docs/ontap/rel801/html/ontap/filesag/GUID-0DAD7887-2918-47A3-A8AE-70D3F5308C73.html

but appears the policy is not being enforced. Have run through the steps several times and double/triple-checked our v3140's configuration, but still no luck.

Hopefully it's something simple.  Output from the policy's config below:

filer> fpolicy create Media screen
File policy Media created successfully.
filer> fpolicy ext inc set Media .mp3
filer> fpolicy monitor set Media -p cifs -f create,rename
filer> fpolicy options Media required on
filer> fpolicy enable Media -f
Thu Feb 10 14:12:52 CST [hounas04: fpolicy.fscreen.enable:info]: FPOLICY: File policy Media (file screening) is enabled.
File policy Media (file screening) is enabled.
filer>

...then tried uploading various .mp3 files to filer, each of which succeeded.  Then ran the below for the fpolicy:


filer> fpolicy show Media

File policy Media (file screening) is enabled.

No file policy servers are registered with the filer.

Operations monitored:
File create,File rename
Above operations are monitored for CIFS only

List of extensions to screen:
.MP3

List of extensions not to screen:
Extensions-not-to-screen list is empty.

Number of requests screened          :  0
Number of screen failures            :  0
Number of requests blocked locally   :  0

Any advice is welcomed!


jayadratha

Hi! Maybe it's a stupid question, but I don't see which volume fpolicy is enabled for.

fpolicy vol[ume] {inc[lude]|exc[lude]} {reset|show} PolicyName

http://now.netapp.com/NOW/knowledge/docs/ontap/rel80/html/ontap/filesag/GUID-69695EBB-0A6C-45AA-BF07-EBA1696B3D73.html

ekashpureff

sstidham34 -

Welcome to Communities.NetApp.com!

Did you turn on 'options fpolicy.enable on'?

fpolicy.enable
When turned off, this disables all file policies on the filer, overriding the settings for individual file policies. When turned on, the setting of a given file policy determines if that file policy is enabled or disabled.

(It doesn't list the default, and I'm not logged on to any filers)

I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff
ekashp@kashpureff.org
Senior Systems Architect / NetApp Certified Instructor
http://www.linkedin.com/in/eugenekashpureff

(P.S. I appreciate points for helpful or correct answers.)
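
As an added example (not code from any poster in this thread or from NetApp), a small Python parser for the `fpolicy show` output quoted in the original post, which pulls out the policy state, monitored operations, extension list and counters and lists the facts worth checking first. The "disabled" wording and the separator for multiple extensions are assumptions; the thread shows only the enabled, single-extension case.

```python
import re

# Constructed sample: the `fpolicy show Media` output quoted in the original post.
SAMPLE = """\
File policy Media (file screening) is enabled.

No file policy servers are registered with the filer.

Operations monitored:
File create,File rename
Above operations are monitored for CIFS only

List of extensions to screen:
.MP3

List of extensions not to screen:
Extensions-not-to-screen list is empty.

Number of requests screened          :  0
Number of screen failures            :  0
Number of requests blocked locally   :  0
"""

def parse_fpolicy_show(text):
    """Parse `fpolicy show <PolicyName>` text; the "disabled" wording is an assumption."""
    info = {"policy": None, "enabled": None}
    m = re.search(r"File policy (\S+) \(file screening\) is (enabled|disabled)", text)
    if m:
        info["policy"], info["enabled"] = m.group(1), m.group(2) == "enabled"
    info["no_servers_registered"] = "No file policy servers are registered" in text
    m = re.search(r"Operations monitored:\s*(.+)", text)
    info["operations"] = [op.strip() for op in m.group(1).split(",")] if m else []
    # Assumption: several extensions are separated by commas and/or whitespace.
    m = re.search(r"List of extensions to screen:\s*(.+)", text)
    info["extensions"] = re.split(r"[,\s]+", m.group(1).strip()) if m else []
    info["counters"] = {name: int(val) for name, val in
                        re.findall(r"Number of (.+?)\s*:\s*(\d+)", text)}
    return info

def findings(info):
    notes = []
    if info["enabled"] is False:
        notes.append("policy is disabled")
    if info["no_servers_registered"]:
        notes.append("no file policy server registered")
    if info["counters"] and not any(info["counters"].values()):
        notes.append("all request counters are zero")
    return notes

print(findings(parse_fpolicy_show(SAMPLE)))
```
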
