NetApp Knowledge Base

Which ports are needed to run fpolicy through a firewall?

Applies to

  • ONTAP 9
  • Clustered Data ONTAP 8
  • FPolicy


ONTAP uses two separate protocols for the purpose of FPolicy:

  • An FPolicy-specific port, whose number depends on the FPolicy configuration. This connection is outgoing from one of the data LIFs of the SVM towards the configured FPolicy server IP.
  • HTTPS (TCP port 443) towards the management LIFs configured in the external FPolicy engine. These connections are incoming towards the storage controller.

Most external engines use ZAPI calls to configure the specific port actually used for FPolicy traffic. Check the FPolicy documentation to find out which port will be used.

Additional Information

Below is an example of an SVM attempting to reach the FP engine, but the handshake (on port 2002) is not being responded to:

Work with the customer's firewall team to determine whether port 2002 (in this example) is allowed.
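
To confirm the symptom described above from a packet trace before engaging the firewall team, the following added example (not NetApp code) lists TCP handshakes that never received a reply. It assumes the trace has been rendered as text with `tcpdump -nn -r <file>`; the addresses and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text format, using documentation addresses.
# Assumed roles: 192.0.2.10 = SVM data LIF, 192.0.2.5 = management LIF,
# 198.51.100.20 = external FPolicy server.
SAMPLE_TRACE = """\
10:15:01.000100 IP 192.0.2.10.51234 > 198.51.100.20.2002: Flags [S], seq 1000, win 65535, length 0
10:15:02.000300 IP 192.0.2.10.51234 > 198.51.100.20.2002: Flags [S], seq 1000, win 65535, length 0
10:15:04.000700 IP 192.0.2.10.51234 > 198.51.100.20.2002: Flags [S], seq 1000, win 65535, length 0
10:15:05.100000 IP 198.51.100.20.40022 > 192.0.2.5.443: Flags [S], seq 2000, win 64240, length 0
10:15:05.100400 IP 192.0.2.5.443 > 198.51.100.20.40022: Flags [S.], seq 3000, ack 2001, win 65535, length 0
10:15:05.100900 IP 198.51.100.20.40022 > 192.0.2.5.443: Flags [.], ack 3001, win 64240, length 0
"""

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unanswered_handshakes(trace):
    """Return {(src, dst, dport): syn_count} for flows whose SYNs got no reply."""
    syns = defaultdict(int)   # (src, sport, dst, dport) -> number of SYNs sent
    answered = set()          # flows that received a SYN-ACK or an RST
    for line in trace.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if m["flags"] == "S":
            syns[flow] += 1
        elif m["flags"] in ("S.", "R", "R."):
            # The reply travels in the reverse direction. An RST still counts
            # as a reply: it means "refused", not "silently dropped".
            answered.add((flow[2], flow[3], flow[0], flow[1]))
    result = defaultdict(int)
    for (src, sport, dst, dport), count in syns.items():
        if (src, sport, dst, dport) not in answered:
            result[(src, dst, dport)] += count
    return dict(result)

if __name__ == "__main__":
    for (src, dst, dport), count in unanswered_handshakes(SAMPLE_TRACE).items():
        print(f"{src} -> {dst}:{dport}: {count} SYN(s) sent, no reply")
```

Repeated SYNs with no SYN-ACK and no RST, as for port 2002 in the sample, point to traffic being dropped in the path rather than refused by the FPolicy server.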

