Panorama: config output on CLI

Reply
Highlighted
L2 Linker

Panorama: config output on CLI

Hi,

I would like to backup and restore a panorama like I can with the firewall, on the firewall i set "set cli op-command-xml-output on" and get the config via the console, then bootstrap the firewall to restore the config...
now i am wondering how I can do the same with panorama...

it seems that i can neither set operational output to xml, nor restore a config via bootstrap... is that so?

is there any way i could automate backing up a panorama and restoring it?

Highlighted
L7 Applicator

Re: Panorama: config output on CLI

panorama actually has a backup feature that allows you to automate ftp backups of its config, that way you only need to import the config file to be up and running again

Highlighted
L2 Linker

Re: Panorama: config output on CLI

yes but that doesnt work for me...

I need a solution via console or rather without network connectivity.

This is not for a production system, its for a lab software

 

For the firewall I save the output from the console in a file and automate the bootstrapping so you can easily backup/restore configs in seconds, works well so far actually (I tried to do it with saving and restoring the set commands but trying to automate the login is a pain for several reasons, 1.) password after 9.0.4 cannot be admin/admin anymore 2.) console keeps telling you incorrect login and there is no consistent way of telling when thats true or if the authentication daemon still needs time to start

Highlighted
Community Team Member

Re: Panorama: config output on CLI

@CLIq 

Please refer to this KB article.. it may be able to show you.. 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgWCAS

Stay Secure,
Joe
End of line
L2 Linker

Re: Panorama: config output on CLI

Thanks @jdelio but that doesnt help me unfortunately, seems more like its not possible although i dont understand why panorama does not have the same command to output the config in xml format...

Highlighted
L7 Applicator

Re: Panorama: config output on CLI

@CLIqhow about

reaper@pano> set cli config-output-format xml
reaper@pano> set cli pager off
reaper@pano> configure 
Entering configuration mode
[edit]                                                                                                                                                                                                             
reaper@pano# show
Highlighted
L2 Linker

Re: Panorama: config output on CLI

@reaper yes, that does not seem to show the complete configuration and cannot be used to restore panorama with a file.

anyways it seems that panorama does not support something like bootstrapping...

so basically I guess I am asking what the best way would be to automate backup and restore of panorama...

i was thinking about using set commands but then there is the problem of not being able to detect when you are able to login... if I script it and it keeps saying invalid credentials... i cant differentiate that from actually not being able to login...

has anyone even ever tried that and will the "show" with set commands actually restore the complete panorama configuration if entered on a "fresh" panorama?

Highlighted
L7 Applicator

Re: Panorama: config output on CLI

@CLIq the automated daily ftp backup gets you an easy to use set of xml config that doesnt require any scripting. Once you fi d yourself in a situation where you need to recover from zero, grab the last config backup zip file, unpack, import and you're ready to go

Highlighted
L2 Linker

Re: Panorama: config output on CLI

@reaper Thanks but like I mentioned above, I need to do this without GUI and without network connections.

I can script it and I have access to the hypervisor and console of the Panorama.

so far the only option I see is to use the export as set commands (although i am not sure if a "show" will give you the complete panorama config as it does not if its in xml format) and then restore it the same way by entering those set commands... unfortunately the login prompt is **bleep**... so difficult to login with a script as you cannot know when the authdaemon is started.

any comments anyone? better idea? confirm any part of my hypothesis?

Highlighted
L7 Applicator

Re: Panorama: config output on CLI

@CLIq  you dont  need the gui for this at all

The ftp export is a config you can put in, import can be achieved through scp or sftp

 

You may wanna reach out to your sales guys to submit a feature request 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!