Thanx for the detailed reply. Unfortunately the path I am talking about is different than the one mentioned in the SK. I can symlink it to /storage but before that I want R&D to confirm it is OK to do it. Hopefully they are monitoring this thread...

I would not think that R&D is monitoring these posts - i would rather involve TAC  if the issue is important to me... As long as there is no apparent issue caused by less space in /fwtmp than needed for operation i would not care at all.

Regarding the path: We all talk about partition /fwtmp that contains directories and symlinks. Some directories have developed to symlinks because of the need for more storage, e.g. /__tmp. In sk98606 we learn how to enlarge this partition, but: By design, 1100 appliance has shared volatile memory between mounted file system and RAM. Care should be taken when space is allocated to the file system, as available RAM is reduced accordingly.

There is the third option.... I will symlink it and see what happens. But not Friday afternoon; next week 🙂

Well, I double and triple checked it and although I have Device -> Advanced Settings -> Additional Management Settings - Move temporary policy files to storage set to true this is the result:

# ls -l /opt/fw1/state/__tmp
lrwxrwxrwx 1 root root 22 Feb 28 12:47 /opt/fw1/state/__tmp -> /flash/fw1/state/__tmp

# ls -l /opt/fw1/state/local
lrwxrwxrwx 1 root root 22 Feb 28 12:47 /opt/fw1/state/local -> /flash/fw1/state/local

Surprisingly this is not the /storage partition but /pfrm2.0 that is less in space. Go figure.... 🤔 

On SMB directory /fwtmp/opt/fw1/state/<CLUSTER OBJECT>/FW1 is not existent right after reboot. It is created empty shortly after that and populated with files for first time after policy install.

The last installed policy is persistent on SMB as well. On boot it will compare local and management server policy versions and if they match it will be loaded from local storage. 

Tom, if possible can you please run this command on that problematic appliance and paste output:

# du -sh /fwtmp/opt/fw1/cpeps/

Sure.

----------------------------------
[Expert@hostname]# du -sh /fwtmp/opt/fw1/cpeps/
34.4M /fwtmp/opt/fw1/cpeps/

It looks like the customer rebooted the gateway yesterday, but /fwtmp still is 100%.
Seems the cpeps directory is not cleared after reboot..? 🤔

You can do it manually but there is downtime:

# cd /fwtmp/opt/fw1/cpeps/

# cpstop

# <copy files from cpeps somewhere, e.g. /storage/cpeps>

# rm -f *

# cpstart

Thanks 🙂
Will consider to do it if the investigation will take more time. (or simply just failover to standby)

but I wonder why this is happening in a cluster..
Hope we get some workarounds or tweaks in behavior regarding cpeps dir.

It's a common problem. There is even SK about that but I can't find it at the moment. 

While talking about temp directories is anyone able to explain why are 500MB RAM space reserved for appliance that has TE blade disabled?

tmpfs on /tetmp type tmpfs (rw,relatime,size=512000k)

cpInit: mkdir /tetmp
cpInit: mount tmpfs /tetmp -t tmpfs -o size=${te_size_mb}m
cpInit: ln -s /tetmp /opt/fw1/tmp/dlp
cpInit: ln -s /tetmp /opt/fw1/tmp/te

Here is how to increase /fwtmp size...

Because  this is filesystem mounted in memory, if you can spare a bit of it you can allocate it to /fwtmp folder. For example, to increase it from 40MB to say 50MB, login and issue following command:

# fw_setenv fwtmp_dir_size 50

Reboot and enjoy...

# df -h /fwtmp
Filesystem Size Used Available Use% Mounted on
tmpfs 50.0M 25.7M 24.3M 51% /fwtmp

Tom, this is a thread on centrally managed SMB and you have the issue on a 790 which cannot be centrally managed?

It's interesting to know it doesn't seem related to being centrally managed or not.

i am facing the same issue right now do you found any solution for that  ??

i am using 1500 appliances on locally managed.

AFAIK after engaging with RnD back then, there were some issues regarding some files not automatically deleted from fwtmp directory that may caused to fill up ending up causing the device to become unstable. I believe this goes for not only locally managed but also centrally managed. 

Also, to adapt to the current customer traffic usage, the fwtmp directory was increased to 60MB which I heard is considered to be enough to not cause the directory filling up.

The small fixes for the issue and fwtmp size tweak should be included since R77.20.87 Build 990173072 for 700/1400 or R80.20.15 Build 992001451 for 1500s. Are you already on the latest build (R80.20.25 Build 992002077)? You may want to start there.