Skip to main content

Requirements for setting up FPolicy

Before you configure and enable FPolicy on your storage virtual machine (SVM), you need to be aware of certain requirements.

  • All nodes in the cluster must be running a version of ONTAP that supports FPolicy.
  • If you are not using the ONTAP native FPolicy engine, you must have external FPolicy servers (FPolicy servers) installed.
  • The FPolicy servers must be installed on a server accessible from the data LIFs of the SVM where FPolicy policies are enabled.
  • The IP address of the FPolicy server must be configured as a primary or secondary server in the FPolicy policy external engine configuration.
  • If the FPolicy servers access data over a privileged data channel, the following additional requirements must be met:

    • CIFS must be licensed on the cluster.

      Privileged data access is accomplished using SMB connections.

    • A user credential must be configured for accessing files over the privileged data channel.
    • The FPolicy server must run under the credentials configured in the FPolicy configuration.

    • All data LIFs used to communicate with the FPolicy servers must be configured to have cifs as one of the allowed protocols.

      This includes the LIFs used for passthrough-read connections.