Firewall Analyzer - Sizing Guide


    This section lists the minimum system requirements for installing and working with Firewall Analyzer. Please refer our website for recommended system requirements.

    Firewall Analyzer Version 12 onwards

    1. Hard disk space required
    2. Performance tuning - Hard disk requirements for more months
    3. PostgreSQL performance improvement parameters
    4. Java tuning for Windows and Linux

     

    Hard disk space required

    Firewall Analyzer (For every 500 logs/sec & to maintain 1 day archive logs) 90 GB

    *The disk space and RAM size requirements depends on the number of devices sending log information to Firewall Analyzer, the number of firewall log records received per second by Firewall Analyzer. 

    Hard disk space requirement

    The split up is: Archive+Index+PostgreSQL=Total

    Log Records Rate For 1 Day For 1 Week For 1 Month
    50 Logs/sec 1+0.5+10.5=12 GB 5+3+30=38 GB 18+7+75=100 GB
    100 Logs/sec 2+1+15=18 GB 10+5+50=65 GB 35+15+100=150 GB
    300 Logs/sec 6+3+31=40 GB 30+15+105=150 GB 100+45+295=440 GB
    500 Logs/sec 10+5+75=90 GB 50+25+225=300 GB 170+70+480=720 GB
    1000 Logs/sec 20+10+150=180 GB 95+45+500=640 GB 325+125+950=1.4 TB

     

    Log Records Rate For 3 Months For 6 Months For 1 Year
    50 Logs/sec 60+25+125=210 GB 120+40+160=320 GB 240+90+300=630 GB
    100 Logs/sec 110+50+240=400 GB 220+80+320=720 GB 450+170+580=1.2 TB
    300 Logs/sec 280+120+600=1 TB 500+200+800=1.5 TB 900+350+1250=2.5 TB
    500 Logs/sec 470+230+1100=1.8 TB 900+400+2100=3.4 TB 1700+700+3600=6 TB
    1000 Logs/sec 920+480+2100=3.5 TB 1750+750+4200=6 TB 2850+1250+6400=10.5 TB

     

    Performance tuning

    Hard disk requirements for more months

    Note: The Log Records Per Second is the total log records received per second by Firewall Analyzer from all the configured devices.
    Where to find the log flow rate steps to identify logs/sec?

     

    • Dedicated machine has to be allocated to process more than 200 logs per second.
    • Dual core processors are needed to process more than 500 logs per second.
    • Quadra core processors are needed to process more than 1000 logs second.
    • Number of firewalls handled by the Firewall Analyzer will increase the requirement of the above RAM values. So it is better to have RAM value higher than the suggested value in case of having more than 5 firewalls.
    • Firewall Analyzer server and PostgreSQL database can be installed in separate machines, in case of higher log rate with low-end CPU machines.
    • The above Hard Disk space requirement projected is for one month. If you need to archive the logs for more number of months, multiply the above requirements with the number of months based on your requirement.

    PostgreSQL performance improvement parameters

    For better performance, we recommend replacing the existing PostgreSQL parameters mentioned in postgres_ext.txt available under <Firewall Analyzer Home>/pgsqldata directory

    Parameters
    Comments
    port = 33336 This change requires Firewall Analyzer Appplication/Service restart
    shared_buffers = 128 MB Minimum requirement is 128 KB.
    This change requires Firewall Analyzer Appplication/Service restart
    work_mem = 12 MB Minimum requirement is 64 KB.
    maintenance_work_mem = 100 MB Minimum requirement is 1 MB.
    checkpoint_segments = 15 Logfile segments minimum 1 and 16 MB each
    checkpoint_timeout = 11 minutes Range: 30 seconds to 1 hour
    checkpoint_completion_target = 0.9 checkpoint target duration is 0.0 - 1.0
    seq_page_cost = 1.0 This parameter is measured in an arbitrary scale
    random_page_cost = 2.0 This parameter is measured in same scale as above
    effective_cache_size = 512MB  
    synchronous_commit=off  

     

    Java tuning for Windows and Linux

    In our latest version, we have provided the option to change the Java Heap Memory in Firewall analyzer UI.

    Follow the steps given below:

    1. Navigate to Support tab > JVM Memory Info > Configured Heap (MB) option to change the Java heap memory size.

     

    1. Edit the Configured Heap (MB) value based on RAM size and system parameters.

    CPU configuration
    RAM
    Configured Heap
    Minimum value (MB) Maximum value (MB)
    32 Bit machine 3 GB or more 256 1024
    64 Bit machine 6 GB or more 1024 2048
    8 GB or more 1024 4096
    16 GB or more 1024 8192

     

    1. Press Enter, once the Configured Heap (MB) value changed. Firewall analyzer will show this message 'JVM Heap value updated successfully. Requires service restart'.

     

     

    1. Restart the ManageEngine OpManager service.