Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Maria_Pologova
Collaborator

Install database process

Hello.

I'm struggling to find information about what "Install Database" in R77.30 actually does. I understand that it is necessary to install database after configuring Mail Alerts, Log servers, something that is related to management components. 

Is it the same process that happens when Management Servers are being synchronized upon policy installation?

I hope you could give me some insight or share links where I could read about this.

Thank you in advance.

6 Replies
PhoneBoy
Admin
Admin

To be honest, I've never seen a document that explains exactly what happens during an Install Database.

However, I do know you need to do an Install Database when:

  • Making changes involving locally defined users
  • Making certain changes to management objects 

If you don't mind me asking, why are you asking about this? 

Maria_Pologova
Collaborator

Initial reason was that I was asked by my colleague and I could not give the answer, because I don't understand myself what is happening during this process and why we need to use it. Smiley Happy This might be somehow different from Management Servers synchronization process and I'm trying to catch this difference. 

0 Kudos
_Val_
Admin
Admin

Hi Maria,

R77.30 Management database is in fact a bunch of text files with description of policies, network objects, users, groups, protocols and services, etc.

The structure and dependencies with these files are complex, as some changes are saved directly when you edit and save changes, and some others are done only when you prepare a FW policy for compilation.

One of the reasons to install database may be related to log management. When you create a new object, it will not show up on the logs as such until you install database on the log server. 

Management Sync is a completely different matter. It is a process to dump the current state of your Primary Management Database to the Standby Management server. It has nothing to do with DB status, although there is an option to trigger management sync automatically after each policy or DB installation

0 Kudos
Timothy_Hall
Legend Legend
Legend

I get this question all the time in the CCSA classes I teach, and the best way I've found to explain it is the following:

"Install Database" is more or less a subset of an "Install Policy" operation to a security gateway.  Prior to starting the verification and compilation of a gateway's security policy, the SMS (and any other secondary SMS's or separate Log Servers) needs to "get its own house in order" by checking for any configuration changes on the SMS object or other Global Property settings that affect its own operation.  This could be any change on the SMS object itself such as enabling the Compliance blade, the SmartEvent blade, a change in firewall log retention policy, and/or any changes made to locally-defined user accounts in the SmartDashboard/SmartConsole as mentioned above.  If there are any changes detected the SMS implements them in its own live configuration before proceeding. 

In R77.30 the "Install Database" operation invoked the command "fwm dbload" on the SMS which performed some or perhaps all of the "Install Database" operation, but I'm not sure if this command is still relevant in R80.10.  Note that a publish operation in R80+ management simply commits proposed/candidate changes in an administrator's session to the SMS's postgres database configuration, and is a completely different type of operation.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Hugo_vd_Kooij
Advisor

Install database is used to push objects and such to Management components.

Most notably pushing the objects to the SmartEvent system so you SmartEvent system can work.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Israel
Explorer

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events