How to Add Additional Disk Space to the VM-Series Firewall in an AWS Environment
Created On 12/19/19 04:34 AM - Last Modified 01/29/24 05:20 AM
Objective
Add additional disk space to the VM-Series Firewall in an AWS environment for logging purposes.
Environment
- Palo Alto Firewalls
- Amazon Web Services (AWS) environment
- Any PAN-OS
Procedure
Example:
a. Create a volume of 100GB
b. Attach the newly created volume to the firewall instance as /dev/sdb
c. Reboot the firewall using the command: request restart system
1. Create an instance in AWS
2. Login to the AWS instance
3. Check the current disk space of "panlogs". In this example, it is 21 GB.
admin@PA-VM> show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.1G 3.6G 47% /
none 7.8G 52K 7.8G 1% /dev
/dev/xvda5 16G 953M 15G 7% /opt/pancfg
/dev/xvda6 8.0G 1.3G 6.3G 18% /opt/panrepo
tmpfs 4.8G 4.2G 658M 87% /dev/shm
/dev/xvda8 21G 193M 20G 1% /opt/panlogs <<<<<<<<<<<<<==========21 GB
tmpfs 12M 0 12M 0% /opt/pancfg/mgmt/lcaas/ssl/private
4. Turn off VM
5. Create a volume of 100 GB. Make sure it is in the same region and zone as the Palo Alto Firewall (PA-VM).
6. Copy instance ID of the PA-VM
7. Volume > Select the Volume to be attached > Action > Attach Volume
8. Put the instance ID
9. Attach the disk with path /dev/xvdb. This path is important.
10. Power on VM
11. Log in to the CLI. If you see the message “System initializing; please wait... (CTRL-C to bypass)”, wait for 5 minutes and then log in again.
12. To proceed, it is important that the above message is not seen when you log in to the CLI.
13. Log in to the firewall after some time, after making sure the message in step 11 is not seen this time. It may take 5-10 minutes after turning on the VM.
14. Check the logging partition; it should show 100 GB.
admin@PA-VM> show system disk-space
Filesystem Size Used Avail Use% Mounted on
/dev/root 7.0G 3.1G 3.6G 47% /
none 7.8G 52K 7.8G 1% /dev
/dev/xvda5 16G 953M 15G 7% /opt/pancfg
/dev/xvda6 8.0G 1.3G 6.3G 18% /opt/panrepo
tmpfs 4.8G 4.2G 658M 87% /dev/shm
/dev/xvdb1 99G 209M 94G 1% /opt/panlogs <<<<<<<<<<<<<<<<<============= 100 GB added disk
tmpfs 12M 0 12M 0% /opt/pancfg/mgmt/lcaas/ssl/priv
Additional Information
When you add a volume that is too small as an additional disk, the operation fails with the following error message. The additional disk size must be 39.0 GB minimum.
-panlogs-partition.log
===
Logging disk is too small: 30.0GB, the disk must be 39.0GB minimum. Reverting to logging partition
/opt/panlogs/.auto-new-panlogs-check was not found - now performing fsck.
Nothing to do, using original panlogs partition
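Steps 4-10 of the procedure scripted with the AWS CLI, together with a pre-check for the 39 GB minimum and a check of the step 14 output. This is an added example, not part of the original article or Palo Alto Networks tooling; the function names are hypothetical, and it assumes the AWS CLI is installed and configured for the region the firewall runs in.

```bash
# Added example (not from the original article). Function names are hypothetical;
# assumes the AWS CLI is installed and configured for the firewall's region.
MIN_GB=39         # minimum additional-disk size stated in the article
DEVICE=/dev/xvdb  # device path from step 9

# Refuse sizes PAN-OS would reject ("Logging disk is too small").
check_size() {
  case "$1" in ''|*[!0-9]*) echo "size must be whole GB" >&2; return 2 ;; esac
  if [ "$1" -lt "$MIN_GB" ]; then
    echo "${1}GB is below the ${MIN_GB}GB minimum" >&2; return 1
  fi
}

# Read "show system disk-space" output on stdin; print "<device> <size>"
# for the /opt/panlogs mount (column 6 is the mount point).
panlogs_mount() {
  awk '$6 == "/opt/panlogs" { print $1, $2 }'
}

# Succeeds only if /opt/panlogs is served from the new disk (step 14).
panlogs_on_new_disk() {
  local dev
  dev=$(panlogs_mount | cut -d' ' -f1)
  case "$dev" in "$DEVICE"*) return 0 ;; *) return 1 ;; esac
}

# Steps 4-10: stop the VM, create the volume in the instance's zone,
# attach it at $DEVICE, start the VM. Prints the new volume ID.
attach_log_disk() {  # usage: attach_log_disk <instance-id> <size-gb>
  local id=$1 size=$2 az vol
  check_size "$size" || return
  az=$(aws ec2 describe-instances --instance-ids "$id" --output text \
    --query 'Reservations[0].Instances[0].Placement.AvailabilityZone') || return
  aws ec2 stop-instances --instance-ids "$id" >/dev/null || return
  aws ec2 wait instance-stopped --instance-ids "$id" || return
  vol=$(aws ec2 create-volume --availability-zone "$az" --size "$size" \
    --query VolumeId --output text) || return
  aws ec2 wait volume-available --volume-ids "$vol" || return
  aws ec2 attach-volume --volume-id "$vol" --instance-id "$id" \
    --device "$DEVICE" >/dev/null || return
  aws ec2 start-instances --instance-ids "$id" >/dev/null || return
  echo "$vol"
}

# Runs only when arguments are given: <script> <instance-id> <size-gb>
if [ "$#" -gt 0 ]; then attach_log_disk "$@"; fi
```

Once the firewall has finished initializing, pipe the saved output of show system disk-space into panlogs_on_new_disk; a non-zero exit means /opt/panlogs is still on the original partition and panlogs-partition.log should be checked.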