Skip to main content
NetApp Knowledge Base

FPolicy enable does not result in engine-connect with many policies for ONTAP 9

Views:
448
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • Clustered Data ONTAP
  • ONTAP 9 
  • Varonis

Issue

  • A large number of FPolicy Policies can cause a timing problem in internal ONTAP tables that causes some policies to be in a disconnected state.
  • This has been observed specifically with Varonis FPolicy software and when FPolicy policies are over 60 policies cluster wide. (based on internal lab testing). Varonis will poll via ZAPI on a regular basis to ensure all collectors are connected. When this polling takes place, the collector, based on version, sends a blanketed disconnect to all Vservers proceeded by a reconnect.
  • In normal situations, Varonis sends a request to enable the policy to the Vservers . When a policy is enabled, it also automatically triggers an engine-connect, the Vservers will reach out on port 2002 to establish the FPolicy session. In this particular scenario, the Vservers receives the ZAPI request “fpolicy enable” and some if not all policies stay in a disconnected state. A network trace might also show a lack of any traffic from the Vservers data LIF on port 2002 to the FPolicy server.

 

Active IQ System Risk Detection

For customers who have enabled AutoSupport™ on their storage systems, the Active IQ Portal provides detailed System Risk reports at the customer and site and system levels. The reports show systems that have specific risks as well as severity levels and mitigation action plans. You may be reading this article as a result of one of those alerts. If this error is present in your logs:

[mgwd: mgmt.fpolicy.replay.failed:error]: FPolicy configuration replication process failed.

And Varonis Fpolicy is used with many fpolicy policies, please consider updating to the latest Fpolicy vendor software to help mitigate this issue.

 

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support