Related Topics
Install WatchGuard Dimension
WatchGuard Dimension can be installed on VMware or on Hyper-V. Dimension is distributed as an OVA file for installation on VMware ESXi 5.x–6.x and as a VHD file for installation on Hyper-V. The vSphere client is used to provision and install the OVA file. You cannot use VMware Client, Player, or any other non-EXSi server/client mechanisms to deploy the Dimension OVA file. To deploy the VHD file, you can use a Hyper-V Manager on Microsoft Server, or another Hyper-V environment.
Dimension must be installed on a virtual machine with a 64-bit OS. For installation instructions, see:
- VMware — Install Dimension on VMware
- Hyper-V — Install Dimension on Hyper-V
Complete installation instructions are also available in the WatchGuard Dimension Release Notes on the WatchGuard website.
After you install and start the WatchGuard Dimension VM, run the WatchGuard Dimension Setup Wizard and configure the initial settings for Dimension. For more information about the Dimension Setup Wizard, see: .
Before You Install Dimension
Determine System Memory Allocation
Before you begin the installation process for Dimension, make sure you consider how much memory to allocate for Dimension. To determine the necessary amount of memory, you must consider the number of Fireboxes that will send log messages to Dimension, the number of Fireboxes that will be managed by Dimension, and whether you will use the built-in PostgreSQL database or an external PostgreSQL database.
The Dimension Log Collector and Web Service maintain persistent connections to the PostgreSQL database and copies the log messages to the database. Because the Dimension system memory is shared between the Log Collector, the Web Service, the PostgreSQL database, and the other Dimension services, the number of devices that can send log messages to Dimension, and be managed by Dimension, depend on the amount of memory you specify when you install Dimension, and on whether you use the built-in PostgreSQL database or an external PostgreSQL database.
If you use the built-in PostgreSQL database, ¼ of the Dimension system memory is available for the Log Collector and the Web Service. The remainder of the memory is used by the PostgreSQL database and the other Dimension services. If you use the external PostgreSQL database, ½ of the Dimension system memory is available for the Log Collector and the Web Service, because the PostgreSQL database runs on another server. The remainder of the memory is used by the other Dimension services.
To determine how much memory to specify for your instance of Dimension, you need the approximate number of devices that will send log messages to your instance of Dimension and that you will manage with Dimension. For example, if your instance of Dimension has 2 GB of system memory and uses the built-in PostgreSQL database, your instance of Dimension can manage up to 250 Fireboxes and accept logging connections from up to 250 Fireboxes.
Number of Devices | System Memory (Built-in Database) |
System Memory (External Database) |
---|---|---|
100 | 1200 MB | 600 MB |
200 | 2400 MB | 1200 MB |
400 | 4800 MB | 2400 MB |
500 | 6000 MB | 3000 MB |
Determine Disk Size for Dimension Storage
To determine the amount of disk space to allocate for the Dimension log database, you must consider these factors:
- The number of devices that send log messages to Dimension
- The number of users that generate traffic behind each device
- The number of connections or sessions initiated by each user
- The amount of time each user spends on the Internet and on other services on your network
- The Subscription Services that are enabled on each device
- The number of log events that each device sends to Dimension
- The log level configured for each type of log message sent to Dimension
- The amount of disk space Dimension uses for the database (80%)
Because these factors can vary greatly, it is not possible to provide the exact disk size necessary for log storage in each Dimension installation. However, based on real-world data observed by WatchGuard in several different customer installations, across a broad range of industries and usage scenarios, we recommend that you use the figures from the next example as a conservative guideline to select the disk size for your instance of Dimension.
For an average log message size of approximately 800 bytes, one million log events use approximately 0.75 GB of disk space. Because Fireware OS is consistent across Firebox models, the amount of log data varies based on the number of users, not the Firebox itself. For example, an XTM 545 device with 800 users generates 10 times the amount of log data as an XTM 515 device with 80 users. This table shows some typical sizing scenarios by user.
Log Messages Per Minute by User | Low | Average | High |
---|---|---|---|
Firebox only | 1 | 3 | 6 |
Firebox with UTM | 2 | 5 | 10 |
To determine the approximate disk space necessary, follow these calculations:
Average log messages per minute X 60 minutes per hour X 24 hours per day = Number of log message per user, per day
Number of log messages per day X number of users = Number of log messages for the device each day = Disk space in GB used each day (1 million events = 0.75 GB)
Disk space in GB used each day X number of days = GB of database storage is required for this device
When the database is local to the Dimension system, the maximum size of the database is limited to 80% of the size of the data disk for the virtual machine.
For example, if you have an XTM 515 device that runs Fireware OS with Subscription Services enabled, has approximately 100 users, and is in the average range, the calculations to determine the approximate disk space necessary to store the log messages from the XTM 515 device for each day are:
5 log messages per minute X 60 minutes X 24 hours = 7200 log messages per user, per day
7200 X 100 users = 720,000 log messages for the device each day = 0.5 GB of disk space necessary for this device each day
To keep 30 days of data for this device, then 0.5 GB per day X 30 days = 15 GB of database storage is required for this device.
If this was the only device sending log messages to the Dimension system, the data disk for the virtual machine should then be configured to be 15 GB / .8 = 18.75 GB
If you do not enable debug logging on your Firebox, approximately 90% of the log messages will be traffic log messages. If you enable debug logging to investigate an issue on a Firebox, the diagnostic log message could potentially generate over 90% of the log messages for the Firebox, and reduce the amount of disk space available to store traffic log messages.
If you already have an instance of Dimension, you can review the statistics in the Database Status Report to monitor the daily log message statistics from your network and determine the necessary size of your Dimension database based on the amount of log messages generated by your devices.
For more information about the Database Status Report, see Configure and Monitor the Dimension Database.
Here is an example of the Statistics section in the Database Status Report:
Statistics for appliance XTM_Example:
--------------------------------------------------------------
Log Counts:
Traffic: 369
Event: 186
Alarm: 0
Performance: 750
Status/Debug: 3
Average Log Rates:
Traffic: 0.02/s
Status/Debug: 0.00/s
Alarm: 0.00/min
Event: 0.49/min
Performance: 1.98/min
Total: 0.06/s
Reporting statistics:
Report records: 380
Report logs: 1525
Number of client users in reports: 0
Number of client hosts in reports, (excluding "Denied Packet" reports): 37
Average report logs/client host: 16
Average report records/client host: 2
Upgrade from Dimension v1.0
When you upgrade from Dimension v1.0 to v1.2, there is a special, two-step process you must follow. For instructions to complete this process, see Upgrade Dimension from v1.0.
You can also find these upgrade instructions in the WatchGuard Dimension Release Notes on the WatchGuard website Release Notes page.