Configuring firewall service and policies for LIFs

Setting up a firewall enhances the security of the cluster and helps prevent unauthorized access to the storage system. By default, the firewall service allows remote systems access to a specific set of default services for data, management, and intercluster LIFs.

Firewall policies can be used to control access to management service protocols such as SSH, HTTP, HTTPS, Telnet, NTP, NDMP, NDMPS, RSH, DNS, or SNMP. Firewall policies cannot be set for data protocols such as NFS or CIFS.

You can manage firewall service and policies in the following ways:

  • Enabling or disabling firewall service

  • Displaying the current firewall service configuration

  • Creating a new firewall policy with the specified policy name and network services

  • Applying a firewall policy to a logical interface

  • Creating a new firewall policy that is an exact copy of an existing policy

    You can use this option to create a policy with similar characteristics within the same SVM, or to copy the policy to a different SVM.

  • Displaying information about firewall policies

  • Modifying the IP addresses and netmasks that are used by a firewall policy

  • Deleting a firewall policy that is not being used by a LIF