ONTAP commands to manage firewall service and policies
You can use the system services firewall commands to manage firewall service, the system services firewall policy commands to manage firewall policies, and the network interface modify command to manage firewall settings for LIFs.
Beginning with ONTAP 9.10.1:
- Firewall policies are deprecated and are replaced by LIF service policies. Previously, the onboard firewall was managed using firewall policies. This functionality is now accomplished using a LIF service policy.
- All firewall policies are empty and do not open any ports in the underlying firewall. Instead, all ports must be opened using a LIF service policy.
- No action is required after an upgrade to 9.10.1 or later to transition from firewall policies to LIF service policies. The system automatically constructs LIF service policies consistent with the firewall policies in use in the previous ONTAP release. If you use scripts or other tools that create and manage custom firewall policies, you might need to upgrade those scripts to create custom service policies instead.
To learn more, see LIFs and service policies in ONTAP 9.6 and later.
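To find automation that still depends on firewall policies before or after an upgrade to 9.10.1, the following added example (not NetApp code) scans script text for the command families named on this page. The function names and the sample script are constructed for illustration, and the `-firewall-policy` parameter of network interface modify is assumed rather than shown on this page.

```python
import re

# Command families named on this page, most specific pattern first.
# Assumption: LIF assignments use the -firewall-policy parameter of
# "network interface modify" (the parameter itself is not shown on the page).
RULES = [
    ("firewall-policy-command",
     re.compile(r"\bsystem\s+services\s+firewall\s+policy\b", re.I)),
    ("lif-firewall-policy",
     re.compile(r"\bnetwork\s+interface\s+modify\b.*?\s-firewall-policy\b", re.I)),
    ("firewall-service-command",
     re.compile(r"\bsystem\s+services\s+firewall\b", re.I)),
]

def logical_lines(text):
    """Yield (first_line_number, joined_text), folding backslash continuations."""
    buf, start = "", None
    for lineno, line in enumerate(text.splitlines(), start=1):
        start = lineno if start is None else start
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def audit_script(name, text):
    """Return (name, line, category, command) for each firewall-related call."""
    findings = []
    for lineno, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((name, lineno, category, line))
                break  # first (most specific) rule wins
    return findings

# Constructed sample script, not taken from a real environment.
SAMPLE = r"""#!/bin/sh
# nightly LIF setup
ssh admin@cluster1 "system services firewall policy show"
ssh admin@cluster1 "network interface modify -vserver vs1 -lif lif1 \
    -firewall-policy data"
ssh admin@cluster1 "system services firewall show"
ssh admin@cluster1 "network interface show -vserver vs1"
# system services firewall policy (commented out, ignored)
"""

if __name__ == "__main__":
    for finding in audit_script("deploy.sh", SAMPLE):
        print("%s:%d [%s] %s" % finding)
```

Findings in the first two categories are the ones to review for conversion to LIF service policies, since firewall policies no longer open any ports in 9.10.1 and later.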
If you want to… | Use this command… |
---|---|
Enable or disable firewall service | |
Display the current configuration for firewall service | |
Create a firewall policy or add a service to an existing firewall policy | |
Apply a firewall policy to a LIF | |
Modify the IP addresses and netmasks associated with a firewall policy | |
Display information about firewall policies | |
Create a new firewall policy that is an exact copy of an existing policy | |
Delete a firewall policy that is not used by a LIF | |