Create the FPolicy external engine

Contributors

You must create an external engine to start creating an FPolicy configuration. The external engine defines how FPolicy makes and manages connections to external FPolicy servers. If your configuration uses the internal ONTAP engine (the native external engine) for simple file blocking, you do not need to configure a separate FPolicy external engine and do not need to perform this step.

What you’ll need

The external engine worksheet should be completed.

About this task

If the external engine is used in a MetroCluster configuration, you should specify the IP addresses of the FPolicy servers at the source site as primary servers. The IP addresses of the FPolicy servers at the destination site should be specified as secondary servers.

Steps
  1. Create the FPolicy external engine by using the vserver fpolicy policy external-engine create command.

    The following command creates an external engine on storage virtual machine (SVM) vs1.example.com. No authentication is required for external communications with the FPolicy server.

    vserver fpolicy policy external-engine create -vserver-name vs1.example.com -engine-name engine1 -primary-servers 10.1.1.2,10.1.1.3 -port 6789 -ssl-option no-auth

  2. Verify the FPolicy external engine configuration by using the vserver fpolicy policy external-engine show command.

    The following command display information about all external engines configured on SVM vs1.example.com:

    vserver fpolicy policy external-engine show -vserver vs1.example.com

                                    Primary        Secondary          External
    Vserver            Engine       Servers        Servers       Port Engine Type
    ---------------    -----------  -------------- ----------- ------ -----------
    vs1.example.com    engine1      10.1.1.2,      -             6789 synchronous
                                    10.1.1.3

    The following command displays detailed information about the external engine named “engine1” on SVM vs1.example.com:

    vserver fpolicy policy external-engine show -vserver vs1.example.com -engine-name engine1

                                  Vserver: vs1.example.com
                                   Engine: engine1
                  Primary FPolicy Servers: 10.1.1.2, 10.1.1.3
           Port Number of FPolicy Service: 6789
                Secondary FPolicy Servers: -
                     External Engine Type: synchronous
    SSL Option for External Communication: no-auth
               FQDN or Custom Common Name: -
             Serial Number of Certificate: -
                    Certificate Authority: -