This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pradeepsalunke
Explorer
‎2022-10-07 12:11 AM

How to take snapshot of firewalls under VSX

How to take snapshot of firewalls under VSX. we have vsx setup under that there are four firewalls.

 

0 Kudos
7 Replies
Oliver_Fink
Advisor
Advisor
‎2022-10-07 12:57 AM

You can create snapshots via Clish: add snapshot __SHORT__ desc "__DESCRIPTION__"

You can see all snapshots with: show snapshots

You can see details of a snapshot with: show snapshot __SHORT__

Be aware if your file system is XFS. I am not sure, but this seems to be the default since R81. We had the problem that the snapshot produces a very high load with normal disks leading to a VSX node becoming unavailable and losing connections (load rises from below 5 to far above 30 on a 32 core machine). Such, we are producing snapshots only during maintenance windows after moving all VSes to another node.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-10-07 01:55 AM

Further to @Oliver_Fink guidance make sure you also have recovery points for the Managment server for the same point in time.

Refer also: sk100395, sk101515

CCSM R77/R80/ELITE
Bob_Zimmerman
Authority
Authority
‎2022-10-07 10:40 AM

To directly address a potential point of confusion, a VSX box is a single firewall. One operating system, one set of logical volumes. It just has multiple VRFs.

Snapshots are an OS-level thing. Since all the VSs on a VSX box are running under the same OS, a snapshot covers all of them.

0 Kudos
Matlu
Advisor
‎2025-05-01 05:29 AM
In response to Bob_Zimmerman

Hello
What are the 'must-haves' before taking a SNAPSHOT in a productive environment?

How much minimum disk space should you have in a VSX box?
Should the #df -h command be used on the VS0, as part of the pre-validations?

Does a box volume issue also have to be validated as such before running a SNAPSHOT?

Thanks. 

0 Kudos
emmap
Employee
Employee
‎2025-05-01 07:52 PM
In response to Matlu

If you do a 'show snapshots' from clish on your box it will tell you if it has enough space for a new one. Snapshots are stored in unpartitioned space, so the 'df -h' output isn't relevant to them. 

0 Kudos
Matlu
Advisor
‎2025-05-02 04:32 AM
In response to emmap

Hi
Do you have to check the 'unpartitioned space' before taking a new SNAPSHOT?
How do you check this, and what is the ideal value you should have to be able to run a SNAPSHOT?

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2025-05-02 11:08 AM
In response to Matlu

Run the command 'show snapshots' in clish. It will tell you how much space is available and approximately how much space will be consumed by a new snapshot (snapshots generally take a little less space than clish says they will).

[Expert@DallasSC]# clish -c "show snapshots"
Restore points:
---------------
AutoSnap_2025_04_30__08_00
AutoSnap_2025_05_01__08_00
AutoSnap_2025_05_02__08_00

Creation of an additional restore point will need 18.384G
Amount of space available for restore points is 160.03G

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events