How to block the CIFS and NFS protocols on the Element mNode
Applies to
- NetApp SolidFire
- NetApp HCI
-
Management node (mNode) running management services 2.11 or above
Description
The Element Management Node (mNode) utilizes an SMB (Samba) share during the firmware upgrade process for compute nodes; as a result, these protocols and associated ports are open on the mNode and will appear as such in the results of a security scan:
- NFS - 2049 TCP/UDP
- CIFS - 445 TCP / 139 TCP
A patch is available which can be used to:
- block the ports for one or both of these protocols on the mNode
- unblock the ports for these protocols (this is necessary in order to run a compute node upgrade; the ports can be re-blocked afterwards)