Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
12-12-2014 01:52 PM
Is a KB article out there that explains what each type of config export is and what is included? Looking through our Palo Altos I can see these 6 different config exports...
Named Configuration Snapshot
Candidate Configuration
Configuration Version
Device State
(Panorama)Scheduled Config Export
(Panorama)Panorama and Devices Config Bundle
12-12-2014 02:24 PM
Hello Jambulo,
Candidate configuration will overwrite the previously candidate configuration. It is not possible to go to a previously saved candidate version. Named configuration Snapshot will Save the candidate configuration to a file by giving it a name.
Every time save named configuration snapshot is clicked, it will create a new instance of the file and can be exported as a backup for later use using Export named configuration snapshot.
Device State - If the device has shared policies pushed from the Panorama, these policies will not be included on the device running configuration file and will be included in the 'device state' file.
(Panorama)Scheduled Config Export - you can schedule the export of running configurations from all managed devices in addition to its own running configurations.
Please refer below link to configure schedule configuration export
How to Schedule Configuration Export on Panorama?
Panorama and devices config bundle—This option is used to manually generate and export the latest version of the configuration backup of Panorama and that of each managed device. (exports configurations with password hashes)
Regards,
Jahnavi..
12-12-2014 03:09 PM
Restores the last saved candidate configuration from the local drive. The current candidate configuration is overwritten. An error occurs if the candidate configuration has not been saved. | |
Restores the last running configuration. The current running configuration is overridden. | |
Saves the candidate configuration to a file. Enter a file name or select an existing file to be overwritten. Note that the current active configuration file (running-config.xml) cannot be overwritten. | |
Saves the candidate configuration in flash memory (same as clicking Save at the top of the page). | |
Loads a candidate configuration from the active configuration (running-config.xml) or from a previously imported or saved configuration. Select the configuration file to be loaded. The current candidate configuration is overwritten. | |
Exports the active configuration (running-config.xml) or a previously saved or imported configuration. Select the configuration file to be exported. You can open the file and/or save it in any network location. | |
This feature is used to export the configuration and dynamic information from a firewall that is configured as a GlobalProtect Portal with the large scale VPN feature enabled. If the Portal experiences a failure, the export file can be imported to restore the Portal’s configuration and dynamic information. The export contains a list of all satellite devices managed by the Portal, the running configuration at the time of the export, and all certificate information (Root CA, Server, and Satellite certificates). Important: You must manually run the device state export or create a scheduled XML API script to export the file to a remote server. This should be done on a regular basis since satellite certificates may change often. To create the device state file from the CLI, from configuration mode run save device state. For information on using the XML API, refer to the document “PAN-OS XML-Based Rest API Usage Guide” at http://www.paloaltonetworks.com/documentation. | |
Import the device state information that was exported using the Export device state option. This includes the current running config, Panorama templates, and shared policies. If the device is a Global Protect Portal, the export includes the Certificate Authority (CA) information and the list of satellite devices and their authentication information. |
12-12-2014 03:15 PM
Panorama
Panorama saves a backup of running configurations from all managed devices in addition to its own ru...Scheduled Config Export page to collect the running configurations from all of the managed devices, package them in one gzip file, and schedule the package for daily delivery to an FTP server or by using Secure Copy (SCP) to transfer data securely to a remote host. The files are in XML format with file names that are based on the device serial numbers.
12-12-2014 03:21 PM
Export Panorama and devices config bundle—This option is used to manually generate and export the latest
version of the configuration backup of Panorama and that of each managed device. To automate the process of
creating and exporting the configuration bundle daily to an SCP or FTP server, see Schedule Export of
Configuration Files.
12-12-2014 03:21 PM
Don't know of a kb but if you select the help file right on that page you get a pretty detailed description, see below.
Named Configuration Snapshot-- use these to create ad-hoc backups during routine operations. For example, right before a major configuration change or upgrade save a named configuration that can be restored if things go wrong.
Candidate Configuration--The working copy of the configuration that will be applied when you hit commit.
Configuration Version- These are the automatically created rollback versions of a configuration created when you hit commit. They are numbered and date/time stamped. named configurations are easier to sort out and find if you know you might need to rollback.
Device State-- a bundle of files including certs and templates for a fuller backup.
(Panorama)Scheduled Config Export- Automatic shipping of your configurations to a file share for DR.
(Panorama)Panorama and Devices Config Bundle- larger bundle of all the devices and panorama configure saved our for DR.
Restores the last running configuration. The current running configuration is overridden. | |
Saves the candidate configuration to a file. Enter a file name or select an existing file to be over...running-config.xml) cannot be overwritten. | |
Saves the candidate configuration in flash memory (same as clicking Save at the top of the page). | |
Loads a candidate configuration from the active configuration (running-config.xml) or from a previously imported or saved configuration. Select the configuration file to be loaded. The current candidate configuration is overwritten. | |
Exports the active configuration (running-config.xml) or a previously saved or imported configuration. Select the configuration file to be exported. You can open the file and/or save it in any network location. | |
Important: You must manually run the device state export or create a scheduled XML API script to export the file to a remote server. This should be done on a regular basis since satellite certificates may change often. To create the device state file from the CLI, from configuration mode run save device state. For information on using the XML API, refer to the document “PAN-OS XML-Based Rest API Usage Guide” at http://www.paloaltonetworks.com/documentation. | |
Imports a configuration file from any network location. Click Browse and select the configuration file to be imported. | |
12-12-2014 04:40 PM
If you ultimately wanted to define a periodic export for configuration backups, check out:
03-31-2015 04:09 PM
I would really like if Panorama had actually the option to schedule an export of device-state bundle, similar to exporting the config bundle.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
