Data centre backup solutions which support PANOS8

Reply
L0 Member

Data centre backup solutions which support PANOS8

What Data Centre backup solutions support PAN devices (both panorama and firewalls)?

Backbox seems to be a preferred PAN partner - http://hemispheretechnologies.com.au/cms/wp-content/uploads/2017/01/PaloAltoNetwork_BBX-Solution-Bri...

Are there other large scale backup solutions that are known to work well with PAN devices?

L7 Applicator

Re: Data centre backup solutions which support PANOS8

@DDyall,

What exactly do you mean by supporting PANos?

The configuration is simply an XML file that can very easily be backed up through an API call to whatever location you choose, there really isn't anything special about it from that perspective. From what I can see backbox is simply performing the required API calls to the device, you could easily mirror this functionality in the vast majority of backup solutions; that is one of the big benefits of Palo Alto having a REST API. 

L0 Member

Re: Data centre backup solutions which support PANOS8

@BPry

Hi, thanks for your reply. Some example basic points I mean by "supporting PANOS":

1) Being able to perform the REST API calls on schedules and on demand out of the box to get the xml backup

2) Being able to detect whether the configuration has changed and perform a backup if yes and ignore if no.

3) Have a set of rules that can be applied to the backup mechanism, an example rule could be to take at least 1 backup every 7 days,

4) If possible have some sort of diff functionality to compare 2 backups to see what's changed

5) If there is a large estate, have a management console / dashboard to monitor the backups and access the backups without having to trod through the filesystem

6) Alert if there is a problem with taking the backups

 

As you mentioned the REST API is well documented by PAN but it will take dev effort to implement, maintain and test for every new release of PANOS, my question is primarily about off the shelf solutions which can support PAN devices out of the box.

L7 Applicator

Re: Data centre backup solutions which support PANOS8

@DDyall,

So SolarWinds can actually perform all of what's requested, however it takes some customization so that's probably not going to fit your off-shelf requirement. 

BackBox easily fits everything you are looking for, but it can get fairly expensive. 

Unimus is a personal favorite that can do the majority of what you are looking for. The good thing with this product is that it's actively seeing a lot of updates to provide additional functionality. Tomas is pretty actively taking in user feedback and everyone involved is super responsive. Unimus is also probably one of the cheapest backup solutions you'll find. 

 

From the sound of things it looks like BackBox is likely the only product I know of that meets all of your requirements right off the shelf without any customization. Unimus would perform most of the functions at about a fifth of the cost if you were willing to sacrafice a few things. I would do a PoC with both and see which one you prefer and go from there. 

L7 Applicator

Re: Data centre backup solutions which support PANOS8

Hello,

If it was just the PAN's, your Panorama already does most of this, if not all. Its been a while since I used it. As for Panorama, @BPry comments is what you are after most likly.

 

Regards,

L4 Transporter

Re: Data centre backup solutions which support PANOS8

Hello

 

If config file is a simple .xml file doesn someone wrote powershell script to download it from device?

I think its a simplest way to backup configuration from our devices.

 

 

Regards

Slawek

L7 Applicator

Re: Data centre backup solutions which support PANOS8

@_slv_,

I would say that a powershell or bash script that simply performs the proper API call and stores the output is likely the most utilized backup method for a Palo Alto device. It's easy to setup and automate and that partiular API call has never been modified. 

To be clear, everything that @DDyall is requesting is easy enough to do on your own without the use of Unimous or BackBox if you dedicate a little bit of time into it. However if you don't have the time to do it and simply want a working product that you have to install and configure, such as the OPs request, then BackBox or Unimous are very good solutions for that. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!