- Notes, cautions, and warnings
- Introduction to this guide
- PowerScale scale-out NAS
- Introduction to the OneFS command-line interface
- General cluster administration
- General cluster administration overview
- User interfaces
- Connecting to the cluster
- Licensing
- Certificates
- Cluster identity
- Cluster contact information
- Cluster date and time
- SMTP email settings
- Configuring the cluster join mode
- File system settings
- Data compression settings and monitoring
- Events and alerts
- Cluster configuration backup and restore
- Cluster monitoring
- SupportAssist
- Access zones
- Data Security overview
- Base directory guidelines
- Access zones best practices
- Access zones on a SyncIQ secondary cluster
- Access zone limits
- Quality of service
- Zone-based Role-based Access Control (zRBAC)
- Zone-specific authentication providers
- Managing access zones
- Create an access zone
- Assign an overlapping base directory
- Manage authentication providers in an access zone
- Associate an IP address pool with an access zone
- Modify an access zone
- Delete an access zone
- View a list of access zones
- Create one or more access zones
- Create local users in an access zone
- Access files through the RESTful Access to Namespace (RAN) in non-System zones
- Authentication
- Authentication overview
- Authentication provider features
- Security Identifier (SID) history overview
- Supported authentication providers
- Active Directory
- LDAP
- LDAP
- NIS
- Kerberos authentication
- File provider
- Local provider
- Multifactor authentication (MFA)
- Single sign-on overview
- Multi-instance active directory
- LDAP public keys
- Managing Active Directory providers
- Managing Active Directory providers
- Managing LDAP providers
- Managing NIS providers
- Managing MIT Kerberos authentication
- Managing file providers
- Managing local users and groups
- View a list of users and groups by provider
- Create a local user
- Create a local group
- Naming rules for local users and groups
- Configure or modify a local password policy
- Local password policy settings
- Modify a local user
- Modify a local group
- Delete a local user
- Delete a local group
- Configure a login delay
- Configure a concurrent session limit
- Set a user account to be disabled when inactive
- Reset a password for a user
- Change a user password
- Managing SSH MFA for Duo
- Managing SSO
- Administrative roles and privileges
- Identity management
- Home directories
- Home directories overview
- Home directory permissions
- Authenticating SMB users
- Home directory creation through SMB
- Home directory creation through SSH
- Home directory creation in a mixed environment
- Interactions between ACLs and mode bits
- Default home directory settings in authentication providers
- Supported expansion variables
- Domain variables in home directory provisioning
- Data access control
- File sharing
- File sharing overview
- SMB security
- NFS security
- File filtering
- Auditing and logging
- Auditing overview
- Syslog
- Syslog forwarding and TLS
- OpenBSM service
- Protocol audit events
- Audit log purging
- Managing audit settings
- Enable configuration change auditing
- Forward configuration changes to syslog
- Enable protocol access auditing
- Forward protocol access events to syslog
- Configure protocol audited zones
- Configure protocol event filters
- Enable system auditing and forwarding
- Import certificate for TLS syslog forwarding
- Set the audit hostname
- View audit settings
- Automatic deletion
- Manual deletion
- Integrating with the Common Event Enabler
- Snapshots
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Best practices for creating snapshots
- Best practices for creating snapshot schedules
- File clones
- Snapshot locks
- Snapshot reserve
- Writable snapshots
- Creating snapshots with SnapshotIQ
- Managing snapshots
- Restoring snapshot data
- Managing snapshot schedules
- Managing snapshot aliases
- Managing with snapshot locks
- Configure SnapshotIQ settings
- Set the snapshot reserve
- Managing changelists
- Deduplication with SmartDedupe
- Data replication with SyncIQ
- SyncIQ data replication overview
- Replication policies and jobs
- Replication snapshots
- Replication policy priority
- Replication for nodes with multiple interfaces
- Restrict SyncIQ source nodes
- Creating replication policies
- Managing replication to remote clusters
- Managing replication policies
- Managing replication to the local cluster
- Managing replication performance rules
- Managing replication reports
- Managing failed replication jobs
- Restrict SyncIQ to use the interfaces in the IP address pool
- Modify the Restrict Target Network value
- Data Encryption with SyncIQ
- Data Transfer with Datamover (SmartSync)
- Datamover (SmartSync) overview
- Datamover definitions
- Datamover policies
- Bandwidth and CPU throttling during data transfer
- Generate and install certificates
- Example DM to DM system workflow
- Datamover management tasks
- Create a Datamover account
- List and view Datamover accounts
- Create a Datamover base policy
- List and view Datamover base policies
- Link a Datamover base policy to a concrete policy
- Create a Datamover CREATION policy
- Create a Datamover COPY policy
- List and view Datamover policies
- Delete a Datamover policy
- Delete a Datamover account
- Data layout with FlexProtect
- Data Removal with Instant Secure Erase (ISE)
- Protection domains
- SmartQuotas
- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk-usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
- Managing quotas
- Search for quotas
- Manage quotas
- Export a quota configuration file
- Import a quota configuration file
- Managing quota notifications
- Email quota notification messages
- Managing quota reports
- Basic quota settings
- Advisory limit quota notification rules settings
- Soft limit quota notification rules settings
- Hard limit quota notification rules settings
- Limit notification settings
- Quota report settings
- Storage Pools
- Storage pools overview
- Storage pool functions
- Autoprovisioning
- Node pools
- Virtual hot spare
- Suggested protection
- Protection policies
- SSD strategies
- Other SSD mirror settings
- Global namespace acceleration
- L3 cache overview
- Tiers
- File pool policies
- Managing node pools through the command-line interface
- Delete an SSD compatibility
- Create a node pool manually
- Add a node to a manually managed node pool
- Add a new node type to an existing node pool
- Remove a node type from a node pool
- Change the name or protection policy of a node pool
- Remove a node from a manually managed node pool
- Remove a node pool from a tier
- View node pool settings
- Modify default storage pool settings
- Managing L3 cache from the command-line interface
- Managing tiers
- Creating file pool policies
- Managing file pool policies
- Monitoring storage pools
- Pool-based tree reporting in FSAnalyze (FSA)
- System jobs
- S3 support
- Small Files Storage Efficiency for archive workloads
- Networking
- Networking overview
- About the internal network
- About the external network
- Managing internal network settings
- Managing groupnets
- Managing external network subnets
- Managing Multi-SSIP
- Managing IP address pools
- Managing SmartConnect Settings
- Managing connection rebalancing
- Managing network interface members
- Managing node provisioning rules
- Managing routing options
- Managing DNS cache settings
- Managing host-based firewalls
- Reset global policy for the OneFS firewall service
- Clone a firewall policy
- Create a firewall policy
- Delete a firewall policy
- List firewall policies
- Modify a firewall policy
- View a firewall policy
- Create a firewall rule
- Delete a firewall rule
- List firewall rules
- Modify a firewall rule
- View a firewall rule
- List firewall services
- Modify firewall settings
- View firewall settings
- Smart QoS
- Smart QoS
- Workload monitoring
- Create a standard dataset
- Pin a workload
- Enable or disable protocol operations
- View protocol operations limits
- Set protocol operations workload limits
- Clear protocol operations workload limits
- View workload protocol operations limits
- Create a dataset with filters
- Apply filter(s) to a dataset
- View statistics
- Additional information
- IPMI
- Antivirus
- Antivirus overview
- On-access scanning
- ICAP Antivirus policy scanning
- Individual file scanning using ICAP
- WORM files and antivirus
- Antivirus scan reports
- ICAP servers
- CAVA servers
- ICAP threat responses
- CAVA threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Managing CAVA servers
- Add and connect to a CAVA server
- Modify CAVA connection settings
- List or view CAVA servers
- Disable connection to a CAVA server
- Delete a CAVA server configuration
- Create an IP pool in a CAVA server
- Create a dedicated Access Zone on a CAVA server
- Create an Active Directory authentication provider for the AvVendor access zone
- Update the role in the access zone
- Scan CloudPool files in a CAVA server
- View CloudPool scan timeout
- Manage CAVA filters
- Manage CAVA jobs
- Create an ICAP antivirus policy
- Managing ICAP antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports
PowerScale OneFS 9.6.x.x CLI Administration Guide
Modify a firewall policy
You can add and remove firewall policies such as network pools and subnets.
Steps
-
To identify the name of the firewall policy that you want to modify, run the following command:
isi network firewall policies list
-
Run the
isi network firewall policies modify <policy_id> command.
Specify the ID of the policy name, the IDs of the network pools, and IDs of the subnets you want to add or remove. Add network pools by running a command similar to the following.
isi network firewall policies modify <policy_id> --add-pools <network pool id,...> --add-subnets <network subnet id,...>
The <network_pool_id> must be a string that identifies the ID of a pool consisting of a <groupnet_id>, a <subnet_id>, and a pool name separated by a ':' or a '.'. The pool name must be unique throughout the subnet. It must consist of the supported characters [a-z A-Z 0-9-] and may be up to 32 characters long. For example:
groupnetA:subnetA:poolA, groupnetA.subnet1.pool1
The <network_subnet_id> must be a string that identifies the ID of a subnet consisting of a <groupnet_id> and a subnet name that is separated by a ':' or a '.'. The subnet name must be unique throughout the cluster. It must consist of the supported characters [a-z A-Z 0-9-] and may be up to 32 characters long. For example:
groupnetA:subnetA_1, groupnetB.subnetB_3
-
Remove network pools by running a command similar to the following. Note that a subnet or pool must be associated with a firewall policy, either a global policy or a custom policy. Therefore, if you remove a pool from a custom policy, the pool is automatically associated with the global policy.
isi network firewall policies modify <policy_id> --remove-pools <network pool id,...> --remove-subnets <network subnet id,...>
Example
NOTE: If a firewall policy has been applied to network subnets or pools, use caution when modifying rules of that policy because some operations take effect immediately on all network subnets and pools that are linked to a policy. If a policy has been applied to any network pools, you must use the
--live option to force it to take effect immediately. The
--live option must only be used when a user issues a command to modify or delete an active custom policy and to modify the default policy. Using the
--live option on an inactive policy will be rejected.
NOTE: The following two policy names are reserved and cannot be used to create a policy:
default_pools_policy and
default_subnets_policy.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\