When to create a native FPolicy configuration
Native FPolicy configurations use the ONTAP internal FPolicy engine to monitor and block file operations based on the file's extension. This solution does not require external FPolicy servers. Using a native file blocking configuration is appropriate when this simple solution is all that is needed.
Native file blocking enables you to monitor any file operations that match configured operation and filtering events and then deny access to files with particular extensions. This is the default configuration.
This configuration provides a means to block file access based only on the file's extension. For example, to block files that have the mp3 extension, you configure a policy to provide notifications for certain operations with a target file extension of mp3. The policy is configured to deny mp3 file requests for operations that generate notifications.
The following applies to native FPolicy configurations:
- The same set of filters and protocols that are supported by FPolicy server-based file screening are also supported for native file blocking.
- Native file blocking and FPolicy server-based file screening applications can be configured at the same time. To do so, you can configure two separate FPolicy policies for the storage virtual machine (SVM), with one configured for native file blocking and one configured for FPolicy server-based file screening.
- The native file blocking feature screens files based only on their extensions, not on the content of the file.
- In the case of symbolic links, native file blocking uses the file extension of the root file.
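The mp3 example above, written out as an ONTAP CLI session. This is an added example, not taken from the original page. The SVM name `vs1`, the event and policy names, the choice of SMB (`cifs`) with these four file operations, and the all-shares scope are assumptions made for illustration. Lines starting with `#` are annotations and are not typed.

```text
# Assumed names (not from the page): SVM vs1, event blk_mp3_evt, policy blk_mp3_pol.

# 1. Event: which protocol and file operations generate a notification.
cluster1::> vserver fpolicy policy event create -vserver vs1 -event-name blk_mp3_evt -protocol cifs -file-operations create,open,rename,write

# 2. Policy: bind the event to the internal engine ("native"), so no
#    external FPolicy server is involved.
cluster1::> vserver fpolicy policy create -vserver vs1 -policy-name blk_mp3_pol -events blk_mp3_evt -engine native

# 3. Scope: limit the policy to the mp3 extension; here on every share.
cluster1::> vserver fpolicy policy scope create -vserver vs1 -policy-name blk_mp3_pol -shares-to-include "*" -file-extensions-to-include mp3

# 4. Enable the policy on the SVM with a priority (sequence number).
cluster1::> vserver fpolicy enable -vserver vs1 -policy-name blk_mp3_pol -sequence-number 1

# 5. Check: confirm the policy is on and the scope is what you intended.
cluster1::> vserver fpolicy show -vserver vs1
cluster1::> vserver fpolicy policy scope show -vserver vs1 -policy-name blk_mp3_pol
```

Because the match is on the extension alone, this policy denies the listed operations on `*.mp3` names only; the same content stored under another extension is not screened, so pair it with FPolicy server-based screening when content matters.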