Skip to content
Avanet

Clean up the Sophos Firewall Secure Heartbeat database

Sophos Firewall

In some support cases, Sophos provides useful maintenance commands that are not always documented in the public Knowledge Base. We keep these notes so that similar cases can be handled consistently later.

In this case, the Secure Heartbeat database on Sophos Firewall was using too much disk space. According to Sophos Support, specific tables in the corporate database can be maintained with VACUUM FULL.

When this guide is relevant

This guide is relevant when disk space on Sophos Firewall becomes low and there is reason to suspect that database tables related to Secure Heartbeat are using an unusual amount of space.

Typical indicators include:

  • Warnings about high disk usage
  • Heavily used partitions on the firewall
  • Problems with reports, logs or services due to low disk capacity
  • A note from Sophos Support that the Secure Heartbeat database has grown too large

General steps for checking disk space are described in Sophos Firewall - Determine disk space and manage reports.

Requirements

For this maintenance, you need:

  • Administrative access to Sophos Firewall
  • Access to the Advanced Shell
  • A maintenance window
  • A current configuration backup of the firewall
  • Enough free disk space for the database maintenance to complete

If shell access is not yet configured, Connect to Sophos Firewall via SSH explains how to establish an SSH connection.

⚠️ These commands access the internal PostgreSQL database of Sophos Firewall directly. They should only be used deliberately and after current confirmation from Sophos Support for the specific support case. VACUUM FULL can lock tables while it runs and may take some time depending on the database size.

Check disk space before maintenance

Before database maintenance, check how much space the partitions use:

df -h

For a more detailed view in megabytes, this command can also be used:

df -hkm

Document the output before maintenance so that it can be compared afterwards.

Run database maintenance

Run the following commands in the Advanced Shell.

First clean up the tbleacappcache table:

psql -U pgroot -d corporate -c "VACUUM FULL tbleacappcache"

Then clean up the tblappstoeps table:

psql -U pgroot -d corporate -c "VACUUM FULL tblappstoeps"

After successful execution, the commands usually return VACUUM. Do not close the SSH session and do not restart the firewall while the commands are running.

Check disk space after maintenance

After the commands have completed, check disk space again:

df -h

If the Secure Heartbeat database was the cause, usage on the affected partition should decrease. The effect depends on how large the tables were and how much space PostgreSQL was able to release.

Important notes

  • This maintenance does not automatically fix the reason why the tables grew.
  • If disk usage rises quickly again, open a Sophos support case.
  • VACUUM FULL is more intensive than a normal VACUUM because tables are rewritten.
  • These commands should not be used as a regular cron job or routine task without diagnosis.
  • On production firewalls, use a maintenance window because some functions may respond more slowly during database maintenance.

Cause according to Sophos Support

In the specific case, Sophos Support stated that the Secure Heartbeat database was using too much disk space. The two VACUUM FULL commands above are used to clean the affected tables and release unused disk space.