Enabling or disabling required SMB encryption for incoming SMB traffic
If you want to require SMB encryption for incoming SMB traffic you can enable it on the CIFS server or at the share level. By default, SMB encryption is not required.
About this task
You can enable SMB encryption on the CIFS server, which applies to all shares on the CIFS server. If you do not want required SMB encryption for all shares on the CIFS server or if you want to enable required SMB encryption for incoming SMB traffic on a share-by-share basis, you can disable required SMB encryption on the CIFS server.
When you set up a storage virtual machine (SVM) disaster recovery relationship, the value you select for the -identity-preserve option of the snapmirror create command determines the configuration details that are replicated in the destination SVM.
If you set the -identity-preserve option to true (ID-preserve), the SMB encryption security setting is replicated to the destination.
If you set the -identity-preserve option to false (non-ID-preserve), the SMB encryption security setting is not replicated to the destination. In this case, the CIFS server security settings on the destination are set to the default values. If you have enabled SMB encryption on the source SVM, you must manually enable CIFS server SMB encryption on the destination.
Example
The following example enables required SMB encryption for incoming SMB traffic for the CIFS server on SVM vs1:
cluster1::> vserver cifs security modify -vserver vs1 -is-smb-encryption-required true
cluster1::> vserver cifs security show -vserver vs1 -fields is-smb-encryption-required
vserver is-smb-encryption-required
-------- -------------------------
vs1 true