11-10-2014 10:42 AM
We had a near miss on our PA-200. Got it recovered (thanks, support team!) by reseting to factory default and restoring the configuration, but it would have been a lot quicker if we'd had a current configuration to restore from, instead of having to first save, then reset, then restore.
But I want to automate the process of saving a configuration so the -next- time this won't be such a hassle.
I think I can simply script a process to login to the host via ssh and dumb the configuration to disk.
Unless there is a feature where this can automagically happen?
11-10-2014 10:52 AM
Hi Bdunbar,
You can achieve it through two ways.
1. Write a script on Server to pull/scp configuration from Firewall.
2. OR configure panorama to have scheduled back up.
How to Schedule Configuration Export on Panorama?
Regards,
Hardik Shah
11-10-2014 10:50 AM
Hi bdunbar,
This option is available in panorama if you are using one to manage devices :
You can schedule it daily. If not, you will have to run script for the device and export running config daily. Hope this helps. Thank you.
11-10-2014 10:52 AM
Hi Bdunbar,
You can achieve it through two ways.
1. Write a script on Server to pull/scp configuration from Firewall.
2. OR configure panorama to have scheduled back up.
How to Schedule Configuration Export on Panorama?
Regards,
Hardik Shah
11-10-2014 11:08 AM
Thanks!
We're not quite ready to use Panorama, but if we keep buying PAN we will.
11-11-2014 09:01 AM
You can also use the XML API.
1 Generate an Admin Role with XML API access and bind this role to a User you want to use
2 Generate a KEY : https://YOURFIREWALL-IP/api/?type=keygen&user=USERNAME&password=PASSWORD (replace YOURFIREWALL-IP, USERNAME, PASSWORD with your values)
3. pull your config with wget and/or schedule the command with crontab or windows scheduler:
wget.exe --no-check-certificate “https://YOURFIREWALL-IP/api/?type=config&action=show&key=YOURKEY” --output-document=PATH-TO-YOUR/config.xml
regards
Marco
11-11-2014 11:26 AM
Seems like a great opportunity to learn the API, thanks.
Created the user, assigned the role. the link https://my.ip.add.res/api/?type=keygen&user=obfuscate&password=obfuscate returns a 404.
"Access Error: 404 -- Not Found
Can't locate document: /api/"
APi isn't turned on?
11-11-2014 11:45 AM
Hi Bdunbar,
API is turn ON by default. Its something with API string.
Regards,
Hardik Shah
11-11-2014 12:04 PM
Duh on me: I failed to include the port address.
Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
