Hi there
I am trying to restrict which IP addresses can reach the SSH port on the default cluster management interface…
I first cloned the default-management service-policy to a new policy… I then restrict the service “management-ssh” to a specific range, say 10.0.2.0/24
I then modify the cluster lif and the two node management interfaces, so that they use my new service-policy.
But… I am still able to ssh into the system from 10.10.10.0/24… which makes no sense at all…
If I do the same to the management-https it _does_ work as expected…
The “old” firewall is enabled, and all policies are set to 0.0.0.0/0 (I think this old firewall is depreciated… )
So it there something specific about ssh?
(ONTAP 9.12.1)
Personally I think the “firewall” features are a mess on ONTAP at the moment… also the fact that you can only open up for IP ranges, and not specific IP addresses… so the “best” you can do is /30 I guess? Why not just allow specific IP or even ranges.. like 10.10.10.5, 10.10.10.5-10, and 10.10.20.0/24
Any help or input is appreciated 😊
/H