Starwind 5 access rights

megacc · Mon Nov 16, 2009 12:52 am

Hi ,

im trying to filter out unwanted iscsi initiator clients through access rights rules but it didn't work , the initiator client failed to detect the target.
i setup access rights as follow :

-myrule : (source :iqn.1991-05.com.micrososft.com:mail-srv.mydomain.com) , (destination : iqn.2008-08.com.starwindsoftware.com:starwind01.mydomain.com-one),(interface:all interface) <== set to allow
-DefaultAccessPolicy : Denied

is that correct ?

Robert (staff) · Mon Nov 16, 2009 1:13 pm

Does it connect with no access rights at all?
Also, can you post here a screen shot of your access right inlay?

Thanks

megacc · Mon Nov 16, 2009 1:46 pm

Hi Robert ,
If I set (DefaultAccessPolicy : set to allow) it will connect , i found strange thing :
on ("-myrule : (source :iqn.1991-05.com.micrososft.com:mail-srv.mydomain.com) , (destination : iqn.2008-08.com.starwindsoftware.com:starwind01.mydomain.com-one),(interface:all interface) <== set to allow") at destination i replace the iqn target name with a device name and it work although in the list there wasn't any device name only iqn target names . im far away from the pc now but i'll try to get a screen shot as soon as possible

thanks

Robert (staff) · Fri Nov 27, 2009 5:01 am

Any chance we could get that screen shot?

Thanks.

EGarbuzov · Thu Jan 14, 2010 3:36 pm

Hi!

I have same question.
1. Pic.1 "All allow": all my ESXs (gesx2, vhs211, vhs212, etc...) can see and work with all LUNs (main, backUP, batrachenko). All OK.
2. Pic. 2 "My rules": gesx2 see LUN main, but doesn't see LUN backUP. I try reboot esx and rescan vmhba many times.

I want to connect both LUNs (main and backUP) to gesx2. What should I do whith Access Rights?

PS: sorry for my english

Constantin (staff) · Fri Jan 15, 2010 12:26 pm

I recommend you to change default policy to block. Then add all required initiators to white list.