
Verifying IPv6 firewall entries

A reversion from any version of ONTAP 9 might result in missing default IPv6 firewall entries for some services in firewall policies. You need to verify that the required firewall entries have been restored to your system.

  1. Verify that all firewall policies are correct by comparing them to the default policies: system services firewall policy show

    Example

    The following example shows the default policies:
    TDC-DM7K::*> system services firewall policy show
    Vserver Policy       Service    Allowed
    ------- ------------ ---------- -------------------
    TDC-DM7K
            data
                         dns        0.0.0.0/0
                         ndmp       0.0.0.0/0
                         ndmps      0.0.0.0/0
    TDC-DM7K
            intercluster
                         ndmp       0.0.0.0/0
                         ndmps      0.0.0.0/0
    TDC-DM7K
            mgmt
                         dns        0.0.0.0/0
                         http       0.0.0.0/0
                         ndmp       0.0.0.0/0
                         ndmps      0.0.0.0/0
                         ntp        0.0.0.0/0
                         snmp       0.0.0.0/0
    TDC-DM7K
            mgmt-nfs
                         dns        0.0.0.0/0
                         http       0.0.0.0/0
                         ndmp       0.0.0.0/0
                         ndmps      0.0.0.0/0
                         ntp        0.0.0.0/0
                         snmp       0.0.0.0/0
    17 entries were displayed.
  2. Manually add any missing default IPv6 firewall entries by creating a new firewall policy: system services firewall policy create

    Example

    TDC-DM7K::*> system services firewall policy create -service snmp -vserver TDC-DM7K -policy newpolicy -allow-list 0.0.0.0/0
  3. Apply the new policy to the LIF to allow access to a network service: network interface modify

    Example

    TDC-DM7K::*> network interface modify -vserver TDC-DM7K -lif TDC-DM7K-01_mgmt1 -firewall-policy newpolicy
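
The comparison in step 1 can be scripted. The following is an added example, not part of the original page or of ONTAP: it parses saved "system services firewall policy show" output and lists every vserver/policy/service entry whose allow list contains no IPv6 network. The sample output is constructed, its "::/0" values are assumed for illustration, and the parser assumes the vserver name is repeated before each policy, as in the output above.

```python
import ipaddress
import re

# Constructed sample in the layout of the output above. The "::/0" values are
# an assumption for illustration; the page does not show an IPv6 entry.
SAMPLE = """\
Vserver Policy       Service    Allowed
------- ------------ ---------- -------------------
TDC-DM7K
        data
                     dns        0.0.0.0/0, ::/0
                     ndmp       0.0.0.0/0
TDC-DM7K
        mgmt
                     http       0.0.0.0/0,
                                ::/0
                     snmp       0.0.0.0/0
4 entries were displayed.
"""

def _networks(tokens):
    """Parse every token as a CIDR network; None if any token is not one."""
    try:
        return [ipaddress.ip_network(t, strict=False) for t in tokens]
    except ValueError:
        return None

def parse_policies(text):
    """Return {(vserver, policy, service): [allowed networks]}."""
    entries, vserver, policy, last, want_policy = {}, None, None, None, False
    for line in text.splitlines():
        tokens = [t for t in re.split(r"[,\s]+", line) if t]
        if last and _networks(tokens):            # wrapped allow-list line
            entries[last] += _networks(tokens)
        elif len(tokens) == 1:                    # vserver line, then policy line
            vserver, policy = (vserver, tokens[0]) if want_policy else (tokens[0], None)
            want_policy, last = not want_policy, None
        elif policy and _networks(tokens[1:]):    # service plus its allow list
            last = (vserver, policy, tokens[0])
            entries[last] = _networks(tokens[1:])
    return entries                                # prompt, header, count lines are ignored

def missing_ipv6(entries):
    """Entries whose allow list contains no IPv6 network."""
    return sorted(k for k, nets in entries.items()
                  if not any(n.version == 6 for n in nets))

if __name__ == "__main__":
    print(missing_ipv6(parse_policies(SAMPLE)))
```

Each tuple it reports is a candidate for step 2; compare it against the defaults for your release before creating a policy.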