Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-06-2010 12:46 AM
Hi all,
pls add a feature to allow automatic and scheduled (daily,weekly,monthly) configuration backups to be made to local HD, remote ftp/tftp/scp server.
kind rgds
Roland
12-06-2010 03:58 PM
In 4.0 you will have the ability to do a configuration export from Panorama. The feature is a daily export based on a 24hr hour entry using FTP. The archive is a TGZ of all managed devices config in XML format plus Panorama config.
In general, feature requests should be made through your local Sales Engineer who will lobby for their implementation.
12-06-2010 11:51 PM
I would like to see this feature on a box level not in panorama. Not all customers have panorama and panorama is not free...
Customers compare features with PAN and what they have right now and automatic backups are missing in PAN.
12-07-2010 12:26 AM
In that case, you do have the option to use the XML API - with an off box scheduler to get the configuration
Thanks
James
12-07-2010 12:28 AM
I have been reading about this possibility, but that's too complicated compared to what the competition offers...
Roland
12-07-2010 05:48 AM
Automatic backup are RELEVANT not optional, especially in an MSP, when there are hundreds of different technologies.
This is the first question a prospect ask me when I go to explain PAN strengths.
XML API cannot be always a solution for any simple and foundamental task that competitors offer as a basic feature.
I hope you consider this as a feature that could be introduced in next (minor) release.
Thanks.
12-07-2010 02:47 PM
That is correct - configuration back ups are indeed important. Hence the offer of another alternative in the mean time 
Please contact your local Palo Alto Networks sales team in order to file the feature request.
Many Thanks for your continued feedback
James
12-07-2010 11:52 PM
I have forwarded the feature request to the local SE. So far no reply.... I hope it's not diverted to /dev/null.... or can I track the feature requests somewhere ?
Roland
12-08-2010 08:02 AM
Your SE can and will track this and all feature requests and be able to lobby for those most frequently requested by customers.
01-06-2011 11:25 AM
The REST API is actually pretty simple to implement for getting a copy of the configuration.
#!/bin/sh
#
# Get a copy of the PAN firewall configuration using the REST API.
# This works with curl, but not wget. Create the contents of the key
# file by going to
# https://${HOST1}/esp/restapi.esp?type=keygen&user=${USER}&password=${PW}
# and using administrator credentials for USER and PW (password).
# The key file just needs the key, not the entire XML output of keygen.
#
HOST1=pafw1.example.com
HOST2=pafw2.example.com
KEY=$(cat pafw.key)
DATE=$(date +%Y%m%d)
#
URL1="https://${HOST1}/esp/restapi.esp?type=config&action=show&key=${KEY}"
URL2="https://${HOST2}/esp/restapi.esp?type=config&action=show&key=${KEY}"
echo $URL
#
curl --output ${HOST1}.${DATE}.xml --insecure $URL1
curl --output ${HOST2}.${DATE}.xml --insecure $URL2
04-11-2011 11:52 PM
Hi,
I have Panorama 4.0.1 and the Palo Alto devices are on the Pan OS 3.1.4.
Is it still possible to get the PA device backups using Panorama daily config backup schedule option?
I am trying to configure it but I dont see any backups happening. Neither can I see any activity in the system logs for the schedule backup?
04-13-2011 04:09 AM
Will be implemented this feature in PAN directly instead of Panorama, I think that would be great to have a feature like this, many customers ask for this indeed.
06-15-2011 12:54 PM
We would like to have this on shell, not panorama.
on others we do with ssh and authorized_keys (eg. f5, juniper, ...)
01-25-2012 12:58 AM
Agree that a scheduler on-box would be nice. However, ssh-key auth is available from 4.1. This means that you can automate backups by adding a cron job on an external box. Simple enough.
04-04-2012 11:35 AM
Have you any success with ssh-key method? We're attempting to do this, but when issuing commands from the remote box, it does not appear the remote shell is not receiving the command. If logging in using regular ssh, it works. Does PA's ssh daemon prevent remote execution? Or am I missing something that can be configured to accomplish this?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
