Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Create a xml of the current config

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Create a xml of the current config

L4 Transporter

Hi

 

I wanted to move some pre-rules to post rules in my panorama config.

I wanted to try and do it with load partial.

 

But I am having issues generating the xml files

 

I ssh to panorama

set cli config-output-format xml

configure

save config to 20170625-AlexWorking.xml

 

and then exit out of config

show config saved 20170625-AlexWorking.xml

 

doesn't show me XML.

 

So GUI , export to xml .. looks good, scp back onto panorma and its been converted back..

 

so I want to do a load partial, but I can't seem to get an xml on there.

 

What am i missing

 

 

This is the command I am trying to do 

load config partial from 20170625-AlexWorking.xml from-xpath /config/devices/entry/device-group/entry/pre-rulebase to-xpath /config/devices/entry/device-group/entry/post-rulebase mode append

 

and I get back

Server error : Failed to compose effective config to load. input file doesn't have anything at devices/entry/device-group/entry/pre-rule
base

5 REPLIES 5

L4 Transporter

Okay, seems like it doesn't matter

 

I had the wrong base

 

needed

 


load config partial from 20170625-AlexWorking.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Yieldbroker']/pre-rulebase to-xpath /config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Yieldbroker']/post-rulebase mode append

 

Got this from 

 

https://www.paloaltonetworks.com/documentation/70/pan-os/cli-gsg/use-the-cli/load-a-partial-configur...

 

 

Hi @Alex_Samad

 

I would recommend that you use the Palo Alto Migration tool to connect to your firewalls via XML API. By doing so, you will be able to automatically pull your production firewall configuration straight into the Migration tool, and then transform the policies you want from pre-rules into post-rules.

 

Once it is done, you can then generate an XML API call, and send it straight to the devices via the migration tool. All you need to do after that is to login into the appliance and hit commit.

 

Here is the guide that shows the detailed process. PAN_MigrationTool_users guide.pdf

 

I hope this helps.

 

Twitter: @willguibr

I will give it a try, I downloaded the vm' but thought it was a bit of over kill. Thought  xpath would / should be able to do the move from pre to post.

 

I have instead used out to set and copied that config to a text file  and changed the pre to post and re ran the commands .

 

 

Alex

In the scenario I described you don't have to import the xml file into the migration tool. You only need to add the device to the device list, and then double click on it to pull the configuration in. 😉

Hi

 

Sorry I think maybe I miss understood.

 

I have already downloaded the migration tool - which seems to be a VM for VMWare.

 

Personally I think this might be a bit of over kill - installing a vm to do migration.

 

Think I would rather learn to do it by hand, which is what I was trying to do by the load partial.  But I ran into some sort of issue , not really sure what, but it seemed to want to add pre-base under post-base, instead of just added the pre-base children to post-base.

 

But I found another work around, I downloaded the XML config and then manual duplicated the sections I wanted and uploaded the modified XML.

 

Looks okay now I have 2 copies of the rules and I can delete as needed

 

Thanks

  • 4648 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!