
ONTAP commands to manage firewall service and policies

Contributors netapp-barbe netapp-aherbin netapp-aaron-holt netapp-ahibbard netapp-thomi

You can use the system services firewall commands to manage firewall service, the system services firewall policy commands to manage firewall policies, and the network interface modify command to manage firewall settings for LIFs.

Beginning with ONTAP 9.10.1:

  • Firewall policies are deprecated and are replaced by LIF service policies. Previously, the onboard firewall was managed using firewall policies. This functionality is now accomplished using a LIF service policy.

  • All firewall policies are empty and do not open any ports in the underlying firewall. Instead, all ports must be opened using a LIF service policy.

  • No action is required after an upgrade to 9.10.1 or later to transition from firewall policies to LIF service policies. The system automatically constructs LIF service policies consistent with the firewall policies in use in the previous ONTAP release. If you use scripts or other tools that create and manage custom firewall policies, you might need to upgrade those scripts to create custom service policies instead.

| If you want to… | Use this command… |
| --- | --- |
| Enable or disable firewall service | system services firewall modify |
| Display the current configuration for firewall service | system services firewall show |
| Create a firewall policy or add a service to an existing firewall policy | system services firewall policy create |
| Apply a firewall policy to a LIF | network interface modify -lif lifname -firewall-policy |
| Modify the IP addresses and netmasks associated with a firewall policy | system services firewall policy modify |
| Display information about firewall policies | system services firewall policy show |
| Create a new firewall policy that is an exact copy of an existing policy | system services firewall policy clone |
| Delete a firewall policy that is not used by a LIF | system services firewall policy delete |
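
Because firewall policies are empty from ONTAP 9.10.1 onward, automation that still issues the commands above should be located and reviewed before it is relied on. The following is an added example, not NetApp code: a small Python check that scans a script for the firewall-policy commands listed on this page. The function name, the finding labels, and the sample script (SVM, LIF, policy name, subnet) are constructed for illustration.

```python
import re

# Commands taken from the table above. Subcommands that change state are the
# ones a 9.10.1+ script must reimplement as LIF service policies.
POLICY_CMD = re.compile(
    r"\bsystem\s+services\s+firewall\s+policy\s+(create|modify|clone|delete|show)\b")
LIF_BINDING = re.compile(r"\bnetwork\s+interface\s+modify\b.*?-firewall-policy\b")


def find_deprecated(script_text):
    """Return (line_no, kind, line) for each deprecated firewall-policy use."""
    findings = []
    for no, raw in enumerate(script_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = POLICY_CMD.search(line)
        if m:
            kind = "read-only" if m.group(1) == "show" else "policy-change"
            findings.append((no, kind, line))
        elif LIF_BINDING.search(line):
            findings.append((no, "lif-binding", line))
    return findings


# Constructed sample script: svm1, lif1, mgmt-ssh and 192.0.2.0/24 are placeholders.
SAMPLE = """\
# provision management access
system services firewall policy create -vserver svm1 -policy mgmt-ssh -service ssh -allow-list 192.0.2.0/24
network interface modify -vserver svm1 -lif lif1 -firewall-policy mgmt-ssh
system services firewall policy show -policy mgmt-ssh
system services firewall show
"""

if __name__ == "__main__":
    for no, kind, line in find_deprecated(SAMPLE):
        print(f"line {no}: [{kind}] {line}")
```

Lines reported as `policy-change` or `lif-binding` are the ones to rewrite against LIF service policies; the check matches full command names only, so abbreviated CLI forms need a separate pass.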