Administration Guides
NFS Lockout Feature

NFS Lockout Feature

This is now supported and enabled with IGLS command.  The default is disabled for NFS protocol to avoid lockouts on application hosts.  Once enabled, NFS source IP in the audit message is used to find exports that list this on a client list.   The IP is removed from the export and re-saved.   This will lockout the NFS host mount.  NOTE: This can cause stale mount issue on the hosts.  For server NFS applications we recommend using monitor only mode based on path our source ip address as best practice. 

Best Practice:

  1. In and later enable NFS monitor only with snapshot mode.  CLI guide below has the commands to enable this.
  2. Enable critical path mode for NFS protcol applications in release 2.5.10
  3. In earlier releases < 2.5.9, NFS host lockout is disabled by default and can be enabled with the caution above.   

See Eyeglass Ransomware CLI section in this guide  for configuration

© Superna Inc