Query About To Increase VM-Firewall Disk Storage Size

Hi Team,

 

We deployed a VM-Series firewall in Azure and it's in production now.
Presently the VM-Firewall OS disk storage size is 60GB and there is no data disk used.

The customer needs a 6-month log retention period.
The customer isn't ready to forward the logs to any external syslog server or Panorama.

So we planned to increase the disk size of the existing VM-firewall to store all the logs on the local firewall itself for the 6-month retention period.

The query is: what is the best practice to increase disk storage of the existing VM-firewall?

1. Increase the OS disk storage, or purchase a data disk and attach it to the existing VM?

2. If we have a separate data disk attached to the existing VM-firewall, does the firewall automatically store all logs on the data disk?
3. If we increase the firewall OS disk storage, will it affect the firewall performance?


Regards 
Sethupathi M


Accepted Solutions

Hi Team,

 

I added an extra data disk after turning off the VM on Azure; the firewall then uses the extra disk space for logging purposes.

Before adding disk:
rahul@rahultestha> show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.8G 2.9G 58% /
none 6.9G 120K 6.9G 1% /dev
/dev/sda5 16G 1.1G 15G 7% /opt/pancfg
/dev/sda6 8.0G 991M 6.6G 13% /opt/panrepo
tmpfs 4.8G 4.4G 483M 91% /dev/shm
cgroup_root 6.9G 0 6.9G 0% /cgroup
/dev/sda8 21G 183M 20G 1% /opt/panlogs <<<

After adding disk:

ahul@rahultestha> show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.8G 2.9G 58% /
none 6.9G 136K 6.9G 1% /dev
/dev/sda5 16G 1.1G 15G 7% /opt/pancfg
/dev/sda6 8.0G 991M 6.6G 13% /opt/panrepo
tmpfs 4.8G 4.4G 483M 91% /dev/shm
cgroup_root 6.9G 0 6.9G 0% /cgroup
/dev/sdc1 99G 199M 94G 1% /opt/panlogs

 

 

I have also replicated the same behavior on AWS platform, so we can go ahead and increase the disk size on Azure for logging storage.


Regards,

Sethupathi M



All Replies

Hello

 

I am not sure that we are supposed to be increasing the default size of the FWs.

The customer should make a decision to purchase either an Azure-based Panorama (for collecting the logs), implement a Cortex Data Lake (for collecting logs and machine learning analysis), or consider what logs need to be tracked.

 

30% of the hard drive is partitioned for Traffic logs.

16% of the hardware is partitioned for Threat Logs

4% for Configuration Logs

4% for System logs.

 

MUST ALL traffic from the be logged?  Examples of traffic that would not need to be (web-browsing, dns, ssl), as these are applications that log quickly, filling up the hardware drive.  With proper planning, perhaps a balance could be determined to see IF there is a need to change the % of the partitions around.

 

From the GUI of the FW, the person should go to the Device Log --> Setup --> Logging and Reporting (it is the 3rd tile DOWN within setup).... Modify this section, which by default does not have any days for logs to last, as shown in my example below

 


 

After the commit, one should (1x/week) ssh into the FW to issue this command

> show system logdb-quota

 

The output (in about 30 secs or less) will tell you what percentage you have configured for traffic, and it also tells you how much you have used to date.

 

 

Quotas:
system: 0.75%, 0.032 GB Expiration-period: 30 days
config: 0.75%, 0.032 GB Expiration-period: 30 days
alarm: 0.75%, 0.032 GB Expiration-period: 30 days
appstat: 0.75%, 0.032 GB Expiration-period: 30 days
hip-reports: 0.75%, 0.032 GB Expiration-period: 30 days
traffic: 48.39%, 2.056 GB Expiration-period: 180 days
threat: 25.00%, 1.062 GB Expiration-period: 180 days
Disk usage:
traffic: Logs and Indexes: 2.1G Current Retention: 96 days
threat: Logs and Indexes: 1.1G Current Retention: 48 days
system: Logs and Indexes: 32M Current Retention: 4 days
config: Logs and Indexes: 33M Current Retention: 12 days

 

 

 

Help the community: Like helpful comments and mark solutions
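The weekly `show system logdb-quota` check described in the reply above can be turned into a sizing estimate. This is an added example, not code from either poster or from Palo Alto Networks: it parses the output quoted in the reply and projects, per log type, how much space the configured Expiration-period would need. The function names are hypothetical and the projection assumes a steady logging rate.

```python
import re

# Output of `show system logdb-quota`, copied from the reply above.
SAMPLE = """\
Quotas:
system: 0.75%, 0.032 GB Expiration-period: 30 days
config: 0.75%, 0.032 GB Expiration-period: 30 days
alarm: 0.75%, 0.032 GB Expiration-period: 30 days
appstat: 0.75%, 0.032 GB Expiration-period: 30 days
hip-reports: 0.75%, 0.032 GB Expiration-period: 30 days
traffic: 48.39%, 2.056 GB Expiration-period: 180 days
threat: 25.00%, 1.062 GB Expiration-period: 180 days
Disk usage:
traffic: Logs and Indexes: 2.1G Current Retention: 96 days
threat: Logs and Indexes: 1.1G Current Retention: 48 days
system: Logs and Indexes: 32M Current Retention: 4 days
config: Logs and Indexes: 33M Current Retention: 12 days
"""

QUOTA_RE = re.compile(
    r"^\s*([\w-]+): ([\d.]+)%, ([\d.]+) GB Expiration-period: (\d+) days")
USAGE_RE = re.compile(
    r"^\s*([\w-]+): Logs and Indexes: ([\d.]+)([KMGT]) Current Retention: (\d+) days")
TO_GB = {"K": 1 / 1024**2, "M": 1 / 1024, "G": 1.0, "T": 1024.0}

def parse_logdb_quota(text):
    """Merge the 'Quotas' and 'Disk usage' sections into one dict per log type."""
    logs = {}
    for line in text.splitlines():
        if m := QUOTA_RE.match(line):
            logs.setdefault(m[1], {}).update(
                quota_gb=float(m[3]), expire_days=int(m[4]))
        elif m := USAGE_RE.match(line):
            logs.setdefault(m[1], {}).update(
                used_gb=float(m[2]) * TO_GB[m[3]], kept_days=int(m[4]))
    return logs

def retention_shortfalls(logs):
    """Return {log_type: GB needed} where the quota cannot hold the full period."""
    report = {}
    for name, d in logs.items():
        if not {"quota_gb", "used_gb"} <= d.keys() or d["kept_days"] == 0:
            continue  # no usage line for this type, or nothing retained yet
        # Assumption: logs keep arriving at the average rate seen so far.
        needed = d["used_gb"] / d["kept_days"] * d["expire_days"]
        if needed > d["quota_gb"]:
            report[name] = needed
    return report

if __name__ == "__main__":
    for name, gb in retention_shortfalls(parse_logdb_quota(SAMPLE)).items():
        print(f"{name}: ~{gb:.2f} GB needed for the configured retention")
```

On the quoted output, traffic logs would need roughly 3.9 GB to reach 180 days against a 2.056 GB quota, so the expiration period alone does not deliver six months of retention without more log space.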