Are there any tips for avoiding ever-growing storage size inside a security management server?
Before the tips below please check out the R80.10 release notes to make sure your server is properly sized.
R80.10 introduces new automatic revision control. The revisions themselves are very light and only contain the delta diff (this is unlike pre-R80 Management servers where a revision was a zipped copy of the entire configuration). Either way, you can always open the Revisions view and purge older revisions.
An exception to the above are IPS revisions which have a substantial size - about 40MB per revision. So every time you perform (manually or automatically) an IPS Update, a new revision is created with roughly 40MB of storage. In order to avoid an ever-growing database size, R80.10 Jumbo Hotfix take 42 and above introduces automatic IPS purge which deletes revisions older than 30 days. In R80.10 Jumbo Hotfix take 42 and above this purge happens automatically every 7 days.
- So if you are an R80 or an R80.10 Security Management Server user with IPS on one of your gateways, we strongly suggest that you upgrade to the latest R80.10 jumbo hotfix before you face disk space issues.
(side-node: multi domain environments point to the same IPS revision in different domains. So if 5 domains see IPS version "4", that revision is stored once, not 5 times. So this is another efficiency that you get automatically)
If none of the above helped and you are still facing disk space issues, please open a support ticket so that Check Point Support will be able to recommend additional specific recommendations.
Each IPS Update consists of:
- package contents: ~40MB
- update process logs: ~150MB
IPS revisions which were not used by any Security Management Domain and are older than 30 days get purged automatically. The purge process happens every 7 days.
Starting with R80.10 Jumbo Hotfix take 137, or any Security Management version after that such as R80.20, IPS Update process logs get cleared when a new IPS Update happens, leaving space for new update process logs.
Retrieving data ...