Before you plan and create your FPolicy configuration, you should understand the basics of how FPolicy works.
What the two parts of the FPolicy solution are
There are two parts to an FPolicy solution. There is the Data ONTAP FPolicy framework that manages activities on the cluster and sends notifications to external FPolicy servers and there are external FPolicy servers that process notifications sent by Data ONTAP FPolicy.
What synchronous and asynchronous communications are
FPolicy sends notifications to external FPolicy servers via the FPolicy interface. The notifications are sent either in synchronous or asynchronous mode. The notification mode determines what Data ONTAP does after sending notifications to FPolicy servers.
How FPolicy on clustered Data ONTAP works with external FPolicy servers
After FPolicy is configured and enabled on the Vserver, FPolicy on clustered Data ONTAP runs on every node on which the Vserver participates. FPolicy is responsible for establishing and maintaining connections with external FPolicy servers, for notification processing, and for managing notifications messages to and from FPolicy servers.
How FPolicy services work across Vserver namespaces
Data ONTAP provides a unified Vserver namespace. Volumes across the cluster are joined together by junctions to provide a single, logical file system. The FPolicy server is aware of the namespace topology and provides FPolicy services across the namespace.
FPolicy configuration types
There are two basic FPolicy configuration types. One configuration uses external FPolicy servers to process and act upon notifications. The other configuration does not use external FPolicy servers; instead, it uses the Data ONTAP internal, native FPolicy server for simple file blocking based on extensions.