Update a specific FPolicy engine configuration for an SVM
PATCH /protocols/fpolicy/{svm.uuid}/engines/{name}
Introduced In: 9.6
Updates a specific FPolicy engine configuration of an SVM. Modification of an FPolicy engine that is attached to one or more enabled FPolicy policies is not allowed.
Related ONTAP commands
-
fpolicy policy external-engine modify
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
name |
string |
path |
True |
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
---|---|---|
buffer_size |
Specifies the send and receive buffer size of the connected socket for the FPolicy server. |
|
certificate |
Provides details about certificate used to authenticate the Fpolicy server. |
|
format |
string |
The format for the notification messages sent to the FPolicy servers. The possible values are:
|
keep_alive_interval |
string |
Specifies the ISO-8601 interval time for a storage appliance to send Keep Alive message to an FPolicy server. The allowed range is between 10 to 600 seconds. |
max_server_requests |
integer |
Specifies the maximum number of outstanding requests for the FPolicy server. It is used to specify maximum outstanding requests that will be queued up for the FPolicy server. The value for this field must be between 1 and 10000. The default values are 500, 1000 or 2000 for Low-end(<64 GB memory), Mid-end(>=64 GB memory) and High-end(>=128 GB memory) Platforms respectively. |
name |
string |
Specifies the name to assign to the external server configuration. |
port |
integer |
Port number of the FPolicy server application. |
primary_servers |
array[string] |
|
request_abort_timeout |
string |
Specifies the ISO-8601 timeout duration for a screen request to be aborted by a storage appliance. The allowed range is between 0 to 200 seconds. |
request_cancel_timeout |
string |
Specifies the ISO-8601 timeout duration for a screen request to be processed by an FPolicy server. The allowed range is between 0 to 100 seconds. |
resiliency |
If all primary and secondary servers are down, or if no response is received from the FPolicy servers, file access events are stored inside the storage controller under the specified resiliency-directory-path. |
|
secondary_servers |
array[string] |
|
server_progress_timeout |
string |
Specifies the ISO-8601 timeout duration in which a throttled FPolicy server must complete at least one screen request. If no request is processed within the timeout, connection to the FPolicy server is terminated. The allowed range is between 0 to 100 seconds. |
ssl_option |
string |
Specifies the SSL option for external communication with the FPolicy server. Possible values include the following:
|
status_request_interval |
string |
Specifies the ISO-8601 interval time for a storage appliance to query a status request from an FPolicy server. The allowed range is between 0 to 50 seconds. |
svm |
||
type |
string |
The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:
|
Example request
{
"certificate": {
"ca": "TASample1",
"name": "Sample1-FPolicy-Client",
"serial_number": "8DDE112A114D1FBC"
},
"format": "string",
"keep_alive_interval": "PT2M",
"max_server_requests": 500,
"name": "fp_ex_eng",
"port": 9876,
"primary_servers": [
"10.132.145.20",
"10.140.101.109"
],
"request_abort_timeout": "PT40S",
"request_cancel_timeout": "PT20S",
"resiliency": {
"directory_path": "/dir1",
"retention_duration": "PT3M"
},
"secondary_servers": [
"10.132.145.20",
"10.132.145.21"
],
"server_progress_timeout": "PT1M",
"ssl_option": "string",
"status_request_interval": "PT10S",
"svm": {
"uuid": "string"
},
"type": "string"
}
Response
Status: 200, Ok
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
9764922 |
The primary and secondary server has a redundant IP address |
9764942 |
At least one FPolicy policy is using the FPolicy engine |
9764886 |
FPolicy engine is a cluster-level FPolicy engine |
9765011 |
The resiliency feature is not supported with mandatory screening |
9765012 |
The specified resiliency directory path does not exist |
9765042 |
The specified send buffer size exceeds the maximum limit |
9765043 |
The specified receive buffer size exceeds the maximum limit |
9765063 |
Policy with Persistent Store feature does not support a "synchronus" |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
buffer_size
Specifies the send and receive buffer size of the connected socket for the FPolicy server.
Name | Type | Description |
---|---|---|
recv_buffer |
integer |
Specifies the receive buffer size of the connected socket for the FPolicy server. Default value is 256KB. |
send_buffer |
integer |
Specifies the send buffer size of the connected socket for the FPolicy server. Default value 1MB. |
certificate
Provides details about certificate used to authenticate the Fpolicy server.
Name | Type | Description |
---|---|---|
ca |
string |
Specifies the certificate authority (CA) name of the certificate used for authentication if SSL authentication between the SVM and the FPolicy server is configured. |
name |
string |
Specifies the certificate name as a fully qualified domain name (FQDN) or custom common name. The certificate is used if SSL authentication between the SVM and the FPolicy server is configured. |
serial_number |
string |
Specifies the serial number of the certificate used for authentication if SSL authentication between the SVM and the FPolicy server is configured. |
resiliency
If all primary and secondary servers are down, or if no response is received from the FPolicy servers, file access events are stored inside the storage controller under the specified resiliency-directory-path.
Name | Type | Description |
---|---|---|
directory_path |
string |
Specifies the directory path under the SVM namespace, where notifications are stored in the files whenever a network outage happens. |
enabled |
boolean |
Specifies whether the resiliency feature is enabled or not. Default is false. |
retention_duration |
string |
Specifies the ISO-8601 duration, for which the notifications are written to files inside the storage controller during a network outage. The value for this field must be between 0 and 600 seconds. Default is 180 seconds. |
svm
Name | Type | Description |
---|---|---|
uuid |
string |
SVM UUID |
fpolicy_engine
Defines how ONTAP makes and manages connections to external FPolicy servers.
Name | Type | Description |
---|---|---|
buffer_size |
Specifies the send and receive buffer size of the connected socket for the FPolicy server. |
|
certificate |
Provides details about certificate used to authenticate the Fpolicy server. |
|
format |
string |
The format for the notification messages sent to the FPolicy servers. The possible values are:
|
keep_alive_interval |
string |
Specifies the ISO-8601 interval time for a storage appliance to send Keep Alive message to an FPolicy server. The allowed range is between 10 to 600 seconds. |
max_server_requests |
integer |
Specifies the maximum number of outstanding requests for the FPolicy server. It is used to specify maximum outstanding requests that will be queued up for the FPolicy server. The value for this field must be between 1 and 10000. The default values are 500, 1000 or 2000 for Low-end(<64 GB memory), Mid-end(>=64 GB memory) and High-end(>=128 GB memory) Platforms respectively. |
name |
string |
Specifies the name to assign to the external server configuration. |
port |
integer |
Port number of the FPolicy server application. |
primary_servers |
array[string] |
|
request_abort_timeout |
string |
Specifies the ISO-8601 timeout duration for a screen request to be aborted by a storage appliance. The allowed range is between 0 to 200 seconds. |
request_cancel_timeout |
string |
Specifies the ISO-8601 timeout duration for a screen request to be processed by an FPolicy server. The allowed range is between 0 to 100 seconds. |
resiliency |
If all primary and secondary servers are down, or if no response is received from the FPolicy servers, file access events are stored inside the storage controller under the specified resiliency-directory-path. |
|
secondary_servers |
array[string] |
|
server_progress_timeout |
string |
Specifies the ISO-8601 timeout duration in which a throttled FPolicy server must complete at least one screen request. If no request is processed within the timeout, connection to the FPolicy server is terminated. The allowed range is between 0 to 100 seconds. |
ssl_option |
string |
Specifies the SSL option for external communication with the FPolicy server. Possible values include the following:
|
status_request_interval |
string |
Specifies the ISO-8601 interval time for a storage appliance to query a status request from an FPolicy server. The allowed range is between 0 to 50 seconds. |
svm |
||
type |
string |
The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:
|
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |