Create the FPolicy external engine
You must create an external engine to start creating an FPolicy configuration. The external engine defines how FPolicy makes and manages connections to external FPolicy servers. If your configuration uses the internal ONTAP engine (the native external engine) for simple file blocking, you do not need to configure a separate FPolicy external engine and do not need to perform this step.
The external engine worksheet should be completed.
If the external engine is used in a MetroCluster configuration, you should specify the IP addresses of the FPolicy servers at the source site as primary servers. The IP addresses of the FPolicy servers at the destination site should be specified as secondary servers.
Create the FPolicy external engine by using the
vserver fpolicy policy external-engine createcommand.
The following command creates an external engine on storage virtual machine (SVM) vs1.example.com. No authentication is required for external communications with the FPolicy server.
vserver fpolicy policy external-engine create -vserver-name vs1.example.com -engine-name engine1 -primary-servers 10.1.1.2,10.1.1.3 -port 6789 -ssl-option no-auth
Verify the FPolicy external engine configuration by using the
vserver fpolicy policy external-engine showcommand.
The following command display information about all external engines configured on SVM vs1.example.com:
vserver fpolicy policy external-engine show -vserver vs1.example.com
Primary Secondary External Vserver Engine Servers Servers Port Engine Type --------------- ----------- -------------- ----------- ------ ----------- vs1.example.com engine1 10.1.1.2, - 6789 synchronous 10.1.1.3
The following command displays detailed information about the external engine named “engine1” on SVM vs1.example.com:
vserver fpolicy policy external-engine show -vserver vs1.example.com -engine-name engine1
Vserver: vs1.example.com Engine: engine1 Primary FPolicy Servers: 10.1.1.2, 10.1.1.3 Port Number of FPolicy Service: 6789 Secondary FPolicy Servers: - External Engine Type: synchronous SSL Option for External Communication: no-auth FQDN or Custom Common Name: - Serial Number of Certificate: - Certificate Authority: -