How to enable IPsec
Applies to
- ONTAP 9.8
- IPsec
Description
- To ensure data is continuously secure and encrypted, even while in transit, ONTAP uses Internet Protocol Security (IPsec) in transport mode.
- IPsec offers data encryption for all IP traffic including the NFS, iSCSI, and SMB/CIFS protocols.
- IPsec provides the only encryption in flight option for iSCSI traffic.
- While IPsec capability is enabled on the cluster, the network requires a Security Policy Database (SPD) entry and a pre-shared secret on the client before traffic can flow.
- After IPsec is configured, network traffic between the client and ONTAP is protected with preventive measures to combat replay and man-in-the-middle (MITM) attacks.