Config (XML) import to device, using Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Config (XML) import to device, using Panorama

L1 Bithead

, XML

Dear all,

The Panorama feature "Scheduled Config Export" is a great way to backup all device configs to a central backup repository.

I known one can import this XML config from the device itself,

But would there also be a way to import  the complete XML files to respective device USING panorama?

Thanks,

Wim

6 REPLIES 6

L4 Transporter

It's not to possible do a "device config import" from Panorama, as far as I know. Panorama can only push device group and template configuration, not the whole XML file.

I guess maybe it will be possible to write something with the API to do something similar.

there is a package called PAN-ksteves on DevCenter with a program

called panto.py that may be useful and uses the panxapi program from

PAN-perl.  Here is a section from the documentation:

panto.py can be used to assist with the process of migrating PAN-OS

device and VSYS configurations to Panorama.

Its input is a configuration file which specifies the XPath nodes on

the PAN-OS device to migrate, and the corresponding XPath node on the

Panorama where the configuration will be migrated to. Its output is a

set of panxapi commands that can be selectively executed which use the

XML API to show and delete the configuration on PAN-OS, and set the

configuration on Panorama.

Sample input:

migrate from-xpath /config/shared/log-settings/email to-xpath /config/shared/log-settings

Sample output:

# migrate from-xpath /config/shared/log-settings/email to-xpath /config/shared/log-settings

panxapi -t pa-200 -sxr "/config/shared/log-settings/email" >tmpnNeNjR_email.xml

panxapi -t panorama -S ./tmpnNeNjR_email.xml "/config/shared/log-settings"

panxapi -t pa-200 -d "/config/shared/log-settings/email"

L0 Member

Hi All,

Kinldy help to migrate on premise panorama to Azure Panorama.40 plus templates are configured.

Hi @MEANUPTHAKUR95 

What did you already do? Is the new panorama set up the same way as on prem? As the logs cannot be migrated, all you need to do is export the existing configuration and import it to the azure panorama. If you did this already and you have other issues with this, please give us some more details where you need help 😉

L0 Member

we are in plan phase, requirement is to automate the panorama migration from on-premise to Azure Panorma.

Azure Palo Alto FW is currenty managed by On-premise Panorama. we need to segregate the rules from on-premise Panorama and deploy at newly created Panorama.

You plan to migrate just this one azure firewall to the azure panorama or you plan to fully migrate the onprem panorama to azure? For the full migration, I still recommend to export the config and import it to the azure panorama and the job is - except for some minor changes in the config like Mgmt IP - done.

Even if you only want to migrate just one it might be the easiest way like this and then delete the devicegroups and templates you do not need in azure. 

 

What do you mean with automate the migration? You can also write a script in order to read the local config and write everything to the other panorama or use existing automation frameworks, but I think in a migration case this might be more work than export/import - depending on your special plan of the migration.

  • 4785 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!