Service policy AllowedAddresses not enforced when firewall service is disabled
Applies to
ONTAP 9.10.1 and later
Issue
- Management access (SSH/HTTPS) to cluster or node management logical interfaces (LIFs) remains available from non-permitted IP addresses
- Service policy is configured with AllowedAddresses to restrict source IPs
- Audit logs show successful SSH or HTTPS logins from IP addresses not listed in the service policy
- Node firewall service status shows disabled
