Backup Configuration of a PA-200

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Backup Configuration of a PA-200

L3 Networker

We had a near miss on our PA-200.  Got it recovered (thanks, support team!) by reseting to factory default and restoring the configuration, but it would have been a lot quicker if we'd had a current configuration to restore from, instead of having to first save, then reset, then restore.

But I want to automate the process of saving a configuration so the -next- time this won't be such a hassle.

I think I can simply script a process to login to the host via ssh and dumb the configuration to disk. 

Unless there is a feature where this can automagically happen?

1 accepted solution

Accepted Solutions

L6 Presenter

Hi Bdunbar,

You can achieve it through two ways.

1. Write a script on Server to pull/scp configuration from Firewall.

2. OR configure panorama to have scheduled back up.

How to Schedule Configuration Export on Panorama?

Regards,

Hardik Shah

View solution in original post

7 REPLIES 7

L5 Sessionator

Hi bdunbar,

This option is available in panorama if you are using one to manage devices :

export_config.JPG

You can schedule it daily. If not, you will have to run script for the device and export running config daily. Hope this helps. Thank you.

L6 Presenter

Hi Bdunbar,

You can achieve it through two ways.

1. Write a script on Server to pull/scp configuration from Firewall.

2. OR configure panorama to have scheduled back up.

How to Schedule Configuration Export on Panorama?

Regards,

Hardik Shah

Thanks!

We're not quite ready to use Panorama, but if we keep buying PAN we will.

You can also use the XML API.

1 Generate an Admin Role with XML API access and bind this role to a User you want to use

2 Generate a KEY : https://YOURFIREWALL-IP/api/?type=keygen&user=USERNAME&password=PASSWORD   (replace YOURFIREWALL-IP, USERNAME, PASSWORD   with your values)


3. pull your config with wget and/or schedule the command with crontab or windows scheduler:


wget.exe --no-check-certificate “https://YOURFIREWALL-IP/api/?type=config&action=show&key=YOURKEY” --output-document=PATH-TO-YOUR/config.xml


regards

Marco


Seems like a great opportunity to learn the API, thanks.

Created the user, assigned the role.  the link https://my.ip.add.res/api/?type=keygen&user=obfuscate&password=obfuscate  returns a 404.

"Access Error: 404 -- Not Found

Can't locate document: /api/"

APi isn't turned on?

Hi Bdunbar,

API is turn ON by default. Its something with API string.

Regards,

Hardik Shah

Duh on me: I failed to include the port address. 

Thanks.

  • 1 accepted solution
  • 6737 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!