And don't forget the GRUB password...

My Security Gateway Is a virtual machine.

Is It possible to just reboot It from the cli and then jump into maintenence mode?

Sure! But you will need console access to the VM.

Press any key here (not at the VM's boot menu)

Then maintanance mode:

Akos

Super! Thanks.

And how about the GRUB password? 

Hi,

Check this SK: https://support.checkpoint.com/results/sk/sk177687

I could login to my VM without grub password. As I see this related only appliances.

Akos

Thanks thanks! I will try this out

Oooh allright, that was god information.

Is your recommendation then to add a virtual disk into the virtual machine?
sk94671

That's the recommended procedure in this case, yes.

Note: adding a second drive might result in problems upgrading later. I know on a management, multiple drives passed to a VM typically results in the message "Your partitions are not in Check Point standard format, and an upgrade is not possible.", but I don't know if that also happens on firewalls.

I would try to clear out space from the existing /var/log tree first. 'du -h -d 1 .' tells you the size of each directory in the current directory. Start in /var/log, pick the biggest directory, cd into it, and repeat. You'll find what is taking up the space. Almost every time my firewalls have more than maybe 10 GB used in lv_log, it's due to local traffic logs. The second most common offender is CPUSE packages (a few firewalls kept a lot of jumbos and major version installers longer than they should have).

How did you build the firewall VM? Did you use the R81.20 ISO, or did you start from a CloudGuard image? If the latter, you may be able to expand the existing drive in place, then use some of the unallocated space to expand lv_log. Check to see if the file /etc/autogrow exists. If it does, it may be worth trying the procedure in sk106242 (in short: remove the file, shut down the VM, expand the drive in the hypervisor, boot the VM).

Hi,

"Your partitions are not in Check Point standard format, and an upgrade is not possible."

My experece is that, it happens when the disk size is extended (as we usually do on Windows VMs) instead of addig a new disk, and extend the volume.

Akos

Okey that doesn't sound good. My log volume (lv_log) Is only 30GB In total, and I've now used 24GB.

Yes I used the R81.20 ISO and Installed It that way. The directory ./files_repository Is in total 11GB.
Bunch of stuff In there. 

Not quite sure what files I'm deleting there and could give an negative impact. 

Never delete actual version related stuff! This is my first advise.

Extend the partition, according to the SK. Be cautious, and you will succeed. I have done lot of times.

In this case VMware snapshot is not a backup. Do system backup, double check it after dowloaded it (MD5).

Akos

That's pretty small, yeah. And with only 27 GB of space to expand into, it sounds like your drive is maybe 120 GB total? If you have access to the hypervisor, you can check there, or you can use the command 'vgs' to see the capacity of the volume groups (swap and a tiny boot partition aren't included in the size reported by 'vgs').

Is this gateway clustered?

It's likely you can work around this for now by removing some junk and taking some unallocated space for lv_log, but I would plan to rebuild the VM with a bigger drive in the next 3-6 months.

It's 150GB In total, no cluster at all. Single gateway.

What do you mean by rebuild the VM with a bigger drive?

Following along here, sk94671
Is not good enough? 

That process is the one I have seen cause the "Your partitions are not in Check Point standard format, and an upgrade is not possible." message in the past.

And I mean it sounds like all processes for expanding an existing VM's "physical storage" can result in the upgrade failure. The only guaranteed way to not get that failure when you want to upgrade later is to give the VM a bigger disk (say, 300 GB) and reinstall the OS from the ISO image. That probably isn't necessary right this second, so you can wait for a good maintenance window. Could even wait until you want to upgrade.

I followed this sk more than 10 times in the last two year. There was no issue, worked az expected.

If you are not familiar with this process - and I would suggest it to you based on my first time - create a new CP VM -> add a disk as described, and extend the partition. Testing is free, and give a lot of experences. It worked in the LAB, than you can move forward to the productive environment.

Akos