#Just a gripe about vserver migrate

Netapp, why? Why on earth when using ONTAP 9.16 do we even care about the firewall policies on data lifs?

When doing a vserver migrate, ONTAP fails the process due to the source lifs having a firewall policy that isn’t on the destination.

When you create and use a custom service policy, ONTAP magically changes the firewall policy to be the same.

If it’s deprecated and not used if there is a service policy, why not just ignore the damn thing

To be clear: these customers that use the STIG and other security guidelines to create secure service-policies (so non-default service-policies) are typically the ones affected.

I relate, had to change some firewall policies during multiple svm migrations a few weeks back

also wish it would document better the whole process - like how it will create all the source cluster level snapshot policies in the destination svm, not a big deal but would be nice to know these things

I think this may have also been an older system that originally used firewall policies and has been upgraded. The output

Reason: firewall policy data_stig cannot be applied to LIFS because the policy could not be found on vserver or the associated IPspace.

And when looked at the firewall policy was data _stig.

ONTAP really should not care since firewall policies are not used

Oh, and once I’m able to replicate, I’ll get a bug or two filed

@spare prism we had also some problems with svm migrate. After opening a case, some points where corrected in the docs