How to Clone a Template on Panorama

Overview

When configuring a new template on Panorama for a new group of managed firewalls, it is sometimes beneficial to clone/duplicate a pre-existing template and then make the necessary edits on the clone. The command load configure partial can be used to merge XML elements at a certain xpath from a Panorama configuration.

Note: This process requires an administrator account with superuser privileges to run the command and issue a commit.

Details

To use the load configure partial command, the configuration must first be imported into Panorama. The configuration can be imported from the web-interface or the CLI.

In the example below, the predefined running-config.xml is used. Whenever a successful commit is completed in Panorama, the configuration is saved as the running-config.xml file. The following is a snapshot of template temp_1 as seen from the web-interface:

Note: Make sure there are no spaces in the template name. If there are spaces in the template name, an error related to an invalid syntax might occur.

The command to clone the existing template "temp_1" to "clone_temp" is as follows:

# load config partial from running-config.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='temp_1'] to-xpath /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='clone_temp'] mode merge

Config loaded from running-config.xml

template -> temp_1 -> devices -> 0006C106255 '0006C106255' is already in use

template -> temp_1 -> devices -> 0006C106255 0006C106255  is invalid. Discarding

[edit]

#

After cloning the template with the above command, the UI shows the following:

Note: When the new template is created, clone_temp in our example, the devices that were members of the source template are moved to the new template. The new template should be edited to remove those devices and then add the same managed firewalls back to the original source template.

owner: kadak