09-13-2020 09:02 AM
Hi Team,
We deployed a VM-Series firewall in Azure and it's in production now.
Presently the VM-Firewall OS disk storage size is 60GB and there is no data disk used.
The customer needs a 6-month log retention period.
The customer isn't ready to forward the logs to any external syslog server or Panorama.
So we planned to increase the disk size of the existing VM-firewall to store all the logs on the local firewall itself for the 6-month retention period.
The query is: what is the best practice to increase the disk storage of the existing VM-firewall?
1. Should we increase the OS disk storage, or purchase a data disk and attach it to the existing VM?
2. If we have a separate data disk attached to the existing VM-firewall, does the firewall automatically store all logs on the data disk?
3. If we increase the firewall OS disk storage, will it affect the firewall performance?
_
Regards
Sethupathi M
09-21-2020 12:36 AM
Hi Team,
I added an extra data disk after turning off the VM on Azure; the firewall then uses the extra disk space for logging.
Before adding disk:
rahul@rahultestha> show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.8G 2.9G 58% /
none 6.9G 120K 6.9G 1% /dev
/dev/sda5 16G 1.1G 15G 7% /opt/pancfg
/dev/sda6 8.0G 991M 6.6G 13% /opt/panrepo
tmpfs 4.8G 4.4G 483M 91% /dev/shm
cgroup_root 6.9G 0 6.9G 0% /cgroup
/dev/sda8 21G 183M 20G 1% /opt/panlogs <<<
After adding disk:
ahul@rahultestha> show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.8G 2.9G 58% /
none 6.9G 136K 6.9G 1% /dev
/dev/sda5 16G 1.1G 15G 7% /opt/pancfg
/dev/sda6 8.0G 991M 6.6G 13% /opt/panrepo
tmpfs 4.8G 4.4G 483M 91% /dev/shm
cgroup_root 6.9G 0 6.9G 0% /cgroup
/dev/sdc1 99G 199M 94G 1% /opt/panlogs
I have also replicated the same behavior on the AWS platform, so we can go ahead and increase the disk size on Azure for logging storage.
_
Regards,
Sethupathi M
09-14-2020 06:32 AM
Hello
I am not sure that we are supposed to be increasing the default size of the FWs.
The customer should make a decision to purchase either an Azure-based Panorama (for collecting the logs), implement a Cortex Data Lake (for collecting logs and machine learning analysis), or consider what logs need to be tracked.
30% of the hard drive is partitioned for Traffic logs.
16% of the hardware is partitioned for Threat Logs
4% for Configuration Logs
4% for System logs.
MUST ALL traffic from the be logged? Examples of traffic that would not need to be (web-browsing, dns, ssl), as these are applications that log quickly, filling up the hard drive. With proper planning, perhaps a balance could be determined to see IF there is a need to change the % of the partitions around.
From the GUI of the FW, the person should go to the Device Log --> Setup --> Logging and Reporting (it is the 3rd tile DOWN within setup).... Modify this section, which by default does not have any days for logs to last, as shown in my example below
After the commit, one should (1x/week) ssh into the FW to issue this command
> show system logdb-quota
The output (in about 30 secs or less) will tell you what percentage you have configured for traffic, and it also tells you how much you have used to date.
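Added example, not part of any post in this thread: a Python sketch that reads `show system disk-space` output as pasted above, finds the /opt/panlogs partition, and estimates how many days each log type fits in its quota share. The quota shares are the ones quoted in the reply above, and applying them to the log partition size is an assumption; the daily log volumes are assumed inputs, not measurements.

```python
import re

# Quota shares quoted in the reply above (fraction of the log partition).
QUOTA = {"traffic": 0.30, "threat": 0.16, "config": 0.04, "system": 0.04}
UNITS = {"K": 1 / 1024**2, "M": 1 / 1024, "G": 1.0, "T": 1024.0}

def to_gib(field):
    """Convert a df-style size such as '991M' or '21G' to GiB (bare numbers are bytes)."""
    m = re.fullmatch(r"([\d.]+)([KMGT]?)", field)
    if not m:
        raise ValueError(f"unrecognised size: {field!r}")
    value, unit = float(m.group(1)), m.group(2)
    return value * UNITS[unit] if unit else value / 1024**3

def log_partition(output, mount="/opt/panlogs"):
    """Return (device, size_gib, used_gib) for the log mount point."""
    for line in output.splitlines():
        cols = line.split()
        # Tolerate trailing annotations such as '<<<' after the mount point.
        if len(cols) >= 6 and cols[5] == mount:
            return cols[0], to_gib(cols[1]), to_gib(cols[2])
    raise LookupError(f"{mount} not found in output")

def retention_days(size_gib, daily_gib):
    """Whole days each log type fits in its quota at the given GiB/day volume."""
    return {t: int(size_gib * QUOTA[t] / daily_gib[t]) for t in daily_gib}

# Two lines copied from the "After adding disk" output in this thread.
AFTER = """Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.8G 2.9G 58% /
/dev/sdc1 99G 199M 94G 1% /opt/panlogs"""

# Assumed daily volumes (GiB/day), constructed for illustration only.
ASSUMED_DAILY = {"traffic": 0.25, "threat": 0.05}

if __name__ == "__main__":
    device, size, used = log_partition(AFTER)
    print(f"{device}: {size:.0f} GiB log partition, {used:.2f} GiB used")
    for log_type, days in retention_days(size, ASSUMED_DAILY).items():
        status = "meets" if days >= 180 else "falls short of"
        print(f"{log_type}: ~{days} days, {status} a 180-day target")
```

With these assumed volumes the traffic quota holds about 118 days on the 99G partition, so the enlarged disk alone does not guarantee six months; measure the real daily growth with `show system logdb-quota` before sizing the disk.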