FSx for NetApp - mount.nfs: access denied by server while mounting

0

Cannot figure out what export-policy I should configure via ONTAP CLI to test mounting an FSx for NetApp NFS Volume from a Linux VM.

I did try many combinations of export policies, but there is something which is still blocking the VM from mounting the NFS. Can you assist with a sample policy that would work for all attempts, or maybe point me to some log files I can check to find the reason?

https://docs.netapp.com/us-en/ontap/nfs-config/add-rule-export-policy-task.html

asked 2 years ago, 2.7K views
2 Answers
0

Here is an example export policy that should allow mounting an FSx for NetApp ONTAP NFS volume from a Linux VM:

vserver export-policy create -vserver vserver_name -policyname policy_name

vserver export-policy rule create -vserver vserver_name -policyname policy_name -clientmatch 0.0.0.0/0 -rorule sys -rwrule sys

volume modify -vserver vserver_name -volume fsx_volume -policy policy_name

This export policy allows read-write access from all IP addresses (0.0.0.0/0) to the /fsx_volume path.

Some things to check:

  • Make sure the security group for the FSx ONTAP file system allows inbound NFS traffic from the VM's security group
  • Confirm the mount command on the VM is using the correct FSx DNS name and path
  • Check export-policy rule show on ONTAP for any deny rules blocking access
  • Check ONTAP logs at /mroot/etc/log/ for any relevant entries
  • Try mounting first using IP address instead of DNS name
  • Verify NFSv3 or NFSv4 is enabled on the volume in ONTAP

Start with a permissive export policy allowing full access, then tighten it down once basic mounting is working. The ONTAP logs and export-policy commands should help identify any specific policies blocking access.

AWS
answered 2 years ago
EXPERT
reviewed a year ago
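A simplified model of how export-policy rules decide a mount request, added here as an example; it is not part of the answer above and not ONTAP's own code. It assumes rules are checked in rule-index order with the first client match deciding, handles CIDR client matches only, and uses constructed subnets and rule sets to show the permissive rule next to a tightened one.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    index: int
    clientmatch: str   # CIDR only in this simplified model
    rorule: tuple      # security flavors allowed to read, e.g. ("sys",)
    rwrule: tuple      # security flavors allowed to write

def evaluate(rules, client_ip, flavor="sys"):
    """Return 'rw', 'ro' or 'denied'. Assumption: first matching rule decides."""
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r.index):
        if ip not in ipaddress.ip_network(rule.clientmatch):
            continue
        can_read = flavor in rule.rorule or "any" in rule.rorule
        can_write = flavor in rule.rwrule or "any" in rule.rwrule
        if not can_read:
            return "denied"   # client sees "access denied by server"
        return "rw" if can_write else "ro"
    return "denied"           # no rule matched this client at all

def open_rules(rules):
    """Rule indexes that grant write access to every address."""
    return [r.index for r in rules
            if ipaddress.ip_network(r.clientmatch).prefixlen == 0
            and r.rwrule != ("never",)]

# Constructed rule sets; 10.0.1.0/24 stands in for the VM's subnet.
PERMISSIVE = [Rule(1, "0.0.0.0/0", ("sys",), ("sys",))]
TIGHTENED = [Rule(1, "10.0.1.0/24", ("sys",), ("sys",))]
# A narrower read-only rule placed first shadows the subnet-wide rw rule.
ORDERED = [Rule(1, "10.0.1.25/32", ("sys",), ("never",)),
           Rule(2, "10.0.1.0/24", ("sys",), ("sys",))]
# A Kerberos-only rule denies a client mounting with AUTH_SYS.
KRB_ONLY = [Rule(1, "10.0.1.0/24", ("krb5",), ("krb5",))]

if __name__ == "__main__":
    for name, policy in [("permissive", PERMISSIVE), ("tightened", TIGHTENED),
                         ("ordered", ORDERED), ("krb_only", KRB_ONLY)]:
        for client in ("10.0.1.25", "10.0.2.40"):
            print(name, client, evaluate(policy, client),
                  "open rules:", open_rules(policy))
```
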
0

Are you sure that the issue is linked to your NFS Policy?

AWS Security Groups - Ensure the "FSx for ONTAP Security Group" has inbound rules for:

  • TCP/UDP 2049 (NFS)
  • TCP/UDP 111 (RPC Bind)
  • TCP/UDP 635 (Mountd)

Note: TCP/UDP 2049 (NFS) alone is not sufficient.

answered 4 days ago
