I have recently run into a substantial issue with vSEC for ESXi (R80.10). This issue revolves around the vSEC being supported as a Standalone Server versus a distributed environment. In researching the product, along with conversations with appropriate Check Point pre-sales engineers, it would appear that for smaller environments the Standalone Server would work without issue.
Recently I have run into an issue with disk space errors on this installation which appear to (primarily) revolve around the growth of log files within the /var/log volume of the appliance. As the appliance is installed via an OVF template, there is no way to customize the size of particular volumes such as root, var/log, etc. This has led to TAC suggesting that the supported configuration is a distributed environment, though this appears to necessitate the purchase of yet another license for the Management Server.
Given the extensive logging that is implemented within R80.10, I am wondering if anyone has tried vSEC utilizing R77.30 in a Standalone environment? If so, what, if any, issues were encountered?
Hi,
The OVF is intended for the Gateway only installation, it actually explicitly states:
For management, you should go the route of installing from ISO as Open Server on VMware.
I cannot stress enough how bad of an idea it is to try and use all in one solution: you are risking corruption of the configuration along with the impact on the gateway.
It may be acceptable, if installed as Open Server for quick and dirty proof of concept setup, otherwise, all in one is the realm of the appliances for SMBs.
Regards,
Vladimir
I appreciate your comments and have installed with the ISO, which allowed me to customize the installation per recommended volume (partition) sizes. I would note, from my discussions with TAC (and closer scrutiny of the release notes), that the OVF (VE) running as a Gateway only does not meet the recommendations for volume (partition) sizes. Again, the ISO solved both problems and appears to run fine in a VMware v6.5 environment. Thank you for your valuable input.
What we did on our management server, when we did not have the space in the build of the machine, was attach another disk through Fibre Channel and add it as a logical disk with a symbolic link for the log directory. Just think about the idea itself: add a disk in the VM to the machine and use it as a symbolic link for your /var/log/CPlog location.
Another option is to resize the disk within Gaia; as it is all based on Red Hat, there is more than enough you will be able to find about how to do that.
You are quite welcome.
As Maarten has mentioned, there is a way to add disks, resize partitions and re-point symlinks, described in sk94671, "How to add hardware resources, such as log storage, to a VMware Virtual Machine running Gaia OS", and I had, in the past, made use of it precisely after finding myself in a situation similar to yours (in my lab environment).
That being said, if you would like to maintain the simplicity of using a single virtual disk, the ISO does provide better initial configuration options.
This OVF option is the ONLY listed supported install media for 80.10 VSEC VE Network Mode as of sk101441.
The 80.10 VE has a 50GB disk which is an improvement, however it is still not a sufficient one as you would still need to manually extend your disk according to sk118356 and/or sk114115.
The issue is, even if it is only an image for Gateways, it would not accommodate Snapshots out of the box!
IMHO, the Gaia native snapshots on VSEC are not a really good idea.
They have limitations in terms of naming and descriptions, require way too much space, are essentially creating another partition and, for export of the snapshot, are using yet more space and resources.
I'd prefer to use native virtualization platform snapshot capabilities with Gaia's scheduled backups.