Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG in VMWare report partition filling up about every two weeks

I've got all the log retention modules at their minimum of either one or three months and most unneeded syslogging unchecked, but it seems like the report partition goes over 80% about every two weeks and all my reports stop until I purge the data. Coming from a WSA where I could pull user data for the year if needed, only having one to three months of available user data is a step backwards.

 Most of what I find when searching about partition size is about the UTM, and it seems changing disk size isn't recommended, although I have no idea whether increasing the disk size would affect the reporting partition. At any rate, if I'm having to purge data every few weeks with the 80g disk, just how big would it have to be for me to have a year's worth of reporting data available. I do have an unlimited license.

 Any options, or at 1300+ users have I reached a limit of what the XG can do? All I really need is user web traffic.

 Thanks



This thread was automatically locked due to age.
Parents
  • Hi,

    what size disk did you assign the XG when you built it in the VM?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Robert,

    with 1300 users you would need at least a 120gb disk at the very minimum and because you want to keep history I would recommend about 500gb. Also if you want to keep history I would also suggest you use an external to XG data store/reporting software. 

    I would suggest you check with your sophos reseller/partner to look at the disk sizes provided on the equivalent XG hardware.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks. Would it surprise you for me to say Sophos professional services set this up for us and our account rep was well aware of our size requirements? I even have another 600, or so, users to still get going through the XG before it's all over. Oh well, like I wrote above, we have an unlimited license, so I guess I'll turn up a new VM and plan for some downtime over the holidays. 

    What do you mean by "an external to XG data store"? We syslog everything off box, but it doesn't sound like that's what you're talking about. 

  • Hi Robert,

    syslog is what I was talking about or something similar. XG does not keep history very well, it is an ongoing complaint in these forums.

    The longest part of a fresh installation will be the formatting of the disk.

    Regards

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks again, Ian.

    >"XG does not keep history very well, it is an ongoing complaint in these forums." Man, that makes me miss the WSAs more and more. Too bad there's apparently no new development going into them. I'm not finding the XG a suitable proxy replacement, especially considering the WSAs ruled for reporting and classifying traffic.

     

    Not wanting to get too OT, but

    >"The longest part of a fresh installation will be the formatting of the disk."

    I should just be able to backup my existing, turn up a new, properly-sized XG appliance in VMWare, then restore my backup to it, correct?

  • Actually the XG should be able to report and classify more traffic than WSA. 

    I would assume, you are decrypting Traffic? Wait for XGv18 with SSLx. This is the next level. 

     

    And yes, you can setup a new XG and import your backup.

    But be careful. There can be only one serial number active at the same  time. 

    So skip the registration for 30 Days, import your backup, schedule a downtime, disable your old XG, register the new XG with the same serial and move on.

    Or use License Transfer: https://community.sophos.com/kb/en-us/126360

    Basically register the new XG with a 30 Day Trial, import Backup etc.

    Than move the old subscription to the new Serial. 

     

    __________________________________________________________________________________________________________________

Reply
  • Actually the XG should be able to report and classify more traffic than WSA. 

    I would assume, you are decrypting Traffic? Wait for XGv18 with SSLx. This is the next level. 

     

    And yes, you can setup a new XG and import your backup.

    But be careful. There can be only one serial number active at the same  time. 

    So skip the registration for 30 Days, import your backup, schedule a downtime, disable your old XG, register the new XG with the same serial and move on.

    Or use License Transfer: https://community.sophos.com/kb/en-us/126360

    Basically register the new XG with a 30 Day Trial, import Backup etc.

    Than move the old subscription to the new Serial. 

     

    __________________________________________________________________________________________________________________

Children