05-25-2025 11:35 AM
Hello,
We are currently running 28 Palo Alto VM-Series firewalls, deployed as 14 HA pairs (active/passive). Each firewall is hosted on a virtualized environment with standard disk allocation.
We heavily rely on traffic logs and threat logs for compliance purposes, and we're starting to hit retention limits due to limited disk capacity.
My Questions:
Is it officially supported to add additional virtual disks to VM-Series firewalls to increase log retention capacity?
If yes, what is the recommended process for adding and mounting the new disk?
Will PAN-OS automatically detect and use the added disk space?
Does the firewall need to be rebooted?
How do I safely expand log storage on each firewall without impacting the HA pair?
What are the best practices when working in active/passive HA mode?
Are there performance or stability concerns when increasing log storage significantly on VM-Series?
Thanks in advance.
King regards,
06-02-2025 06:00 AM
You can add 1 additional disk, it will replace your current log partition (adding more disks has no impact)
The storage for each log type needs to be configured by setting the quota (device > setup > management > logging and reporting settings), so you control the retention by assigning enough disk% to the log you want to retain
You can use the default settings but i'm guessing you want to prefer certain types over others
05-27-2025 04:11 AM
here's a doc how to add a disk to the VM:
reboots are required so make sure you have a suitable maintenance window
have you considered connecting all your firewalls to the Strata Logging Service ? you'll have centralized logging for everything and you don't need to touch your VMs' disks and perform reboots and all that 🙂
bonus is centralized management via Strata Cloud Manager ('essentials' edition is free) if you want
05-27-2025 04:55 AM
Hi @reaper
Thank you very much for your response. I have a few follow-up questions:
If I add more disks, will the retention time automatically increase, or is manual configuration required to utilize the additional storage?
Is the adjustment to retention time handled automatically?
Will adding more disks have any impact on licensing?
Kind regards,
06-02-2025 06:00 AM
You can add 1 additional disk, it will replace your current log partition (adding more disks has no impact)
The storage for each log type needs to be configured by setting the quota (device > setup > management > logging and reporting settings), so you control the retention by assigning enough disk% to the log you want to retain
You can use the default settings but i'm guessing you want to prefer certain types over others
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
