Troubleshooting Disk Writes

Certain tasks can make the firewall write lots of data to the disk, which could impact the health of the hardware over time. This is not as large a concern on modern disks, even SSDs, but can still be a factor over long time spans.

There are ways to reduce the amount of writes which happen on the disk, depending on the needs of the firewall and its environment.

RAM Disks

The /var and /tmp directories on the firewall contain most of the files which are highly volatile. The firewall has an option to keep these volatile areas in RAM disks under System > Advanced on the Misc tab.

Enabling RAM disks for /var and /tmp does have some caveats, which are noted in RAM Disk Settings. For instance, it requires sufficient RAM to hold them comfortably without filling up, and it can potentially lead to loss of logging and monitoring data if the firewall suffers a power loss.

Overall, however, if there is enough RAM to spare, using RAM disks will drastically reduce disk writes over time.

Disable Write-Heavy Features

One method to limit writes is by disabling features which cause lots of disk writes.

Logging:

It is possible to disable local logging, and optionally use only remote logging (Log Settings). This eliminates all writing of logs to the local disk. Logging is one of the primary sources of disk writes on an ongoing basis.

This can make troubleshooting on the firewall more difficult, so it’s not a best practice.

RRD Graphs:

It is possible to disable the system monitoring RRD graphs which are frequently updated with new monitoring data (Graph Settings).

Instead of monitoring this data locally, most of this data can be monitored remotely by an NMS using SNMP.

DHCP Server:

On a busy network the DHCP lease database can be large and is rewritten frequently. Disabling the DHCP server on all interfaces and moving DHCP service to another device will result in decreased load on the firewall disk.

This tends to be prohibitively inconvenient in most deployments, so in practice this is rare.

Note that all of these features write data in /var so if /var is in a RAM disk, they can safely remain enabled.

Avoid Write-Heavy Packages

Another way to reduce disk writes is to minimize use of packages that can cause heavy disk writes.

pfBlockerNG, Snort, Suricata, HAProxy:

These can write a lot due to logging and rule updates.

nmap, darkstat, other monitoring:

These use lots of disk writes to maintain databases and reports.

See also

The package list at Package List also notes when specific packages require or work better with an SSD or HDD.

Reinstall

If it has been a while since the firewall OS was installed, reinstalling and restoring from backup can help as well.

Filesystem properties are sometimes optimized in a new release, such as ZFS dataset layouts and attributes. Installing again will ensure the firewall is using the most optimal disk layout.