cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Install database process

Hello.

I'm struggling to find information about what "Install Database" in R77.30 actually does. I understand that it is necessary to install database after configuring Mail Alerts, Log servers, something that is related to management components. 

Is it the same process that happens when Management Servers are being synchronized upon policy installation?

I hope you could give me some insight or share links where I could read about this.

Thank you in advance.

5 Replies
Admin
Admin

Re: Install database process

To be honest, I've never seen a document that explains exactly what happens during an Install Database.

However, I do know you need to do an Install Database when:

  • Making changes involving locally defined users
  • Making certain changes to management objects 

If you don't mind me asking, why are you asking about this? 

0 Kudos

Re: Install database process

Initial reason was that I was asked by my colleague and I could not give the answer, because I don't understand myself what is happening during this process and why we need to use it. Smiley Happy This might be somehow different from Management Servers synchronization process and I'm trying to catch this difference. 

0 Kudos

Re: Install database process

Hi Maria,

R77.30 Management database is in fact a bunch of text files with description of policies, network objects, users, groups, protocols and services, etc.

The structure and dependencies with these files are complex, as some changes are saved directly when you edit and save changes, and some others are done only when you prepare a FW policy for compilation.

One of the reasons to install database may be related to log management. When you create a new object, it will not show up on the logs as such until you install database on the log server. 

Management Sync is a completely different matter. It is a process to dump the current state of your Primary Management Database to the Standby Management server. It has nothing to do with DB status, although there is an option to trigger management sync automatically after each policy or DB installation

0 Kudos

Re: Install database process

I get this question all the time in the CCSA classes I teach, and the best way I've found to explain it is the following:

"Install Database" is more or less a subset of an "Install Policy" operation to a security gateway.  Prior to starting the verification and compilation of a gateway's security policy, the SMS (and any other secondary SMS's or separate Log Servers) needs to "get its own house in order" by checking for any configuration changes on the SMS object or other Global Property settings that affect its own operation.  This could be any change on the SMS object itself such as enabling the Compliance blade, the SmartEvent blade, a change in firewall log retention policy, and/or any changes made to locally-defined user accounts in the SmartDashboard/SmartConsole as mentioned above.  If there are any changes detected the SMS implements them in its own live configuration before proceeding. 

In R77.30 the "Install Database" operation invoked the command "fwm dbload" on the SMS which performed some or perhaps all of the "Install Database" operation, but I'm not sure if this command is still relevant in R80.10.  Note that a publish operation in R80+ management simply commits proposed/candidate changes in an administrator's session to the SMS's postgres database configuration, and is a completely different type of operation.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: Install database process

Install database is used to push objects and such to Management components.

Most notably pushing the objects to the SmartEvent system so you SmartEvent system can work.