Feature Request - Automatic Configuration Backup

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Feature Request - Automatic Configuration Backup

L4 Transporter

Hi all,

pls add a feature to allow automatic and scheduled (daily,weekly,monthly) configuration backups to be made to local HD, remote ftp/tftp/scp server.

kind rgds

Roland

21 REPLIES 21

L0 Member

Hi, any update here and suggestion?

Where is the running-config.xml path in PANOS?

I use scp in Linux server, but it fail:

scp abc@paloaltofirewall:/opt/pancfg/mgmt/device-state /home/paloalto_cfg_backup

here is the path for running config:

/opt/pancfg/mgmt/factory/running-config.xml

Try it but seems still not working, here is the result:

................

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Trying private key: /home/cpcnet/.ssh/identity

debug1: Trying private key: /home/cpcnet/.ssh/id_rsa

debug1: Offering public key: /home/cpcnet/.ssh/id_dsa

debug1: Server accepts key: pkalg ssh-dss blen 434

debug1: read PEM private key done: type DSA

debug1: Authentication succeeded (publickey).

debug1: channel 0: new [client-session]

debug1: Entering interactive session.

debug1: Sending command: scp -v -f /opt/pancfg/mgmt/factory/running-config.xml

It hang after "debug1: Sending command: scp -v -f /opt/pancfg/mgmt/factory/running-config.xml"

Any idea?

Hello,

If you install panxapi (part of the PAN-perl package, PAN-perl-20121110.tar.gz) you can do a backup of the configuration this way:

(From 'man panxapi')

Generate an API key.

          $ panxapi -l admin:admin -h 172.29.9.122 -k

          keygen: success

          API key: "0RgWc42Oi0vDx2WRUIUM6A=="

       Create a .panrc file with the API key.

          $ echo 'hostname=172.29.9.122' >.panrc

          $ echo 'api_key=0RgWc42Oi0vDx2WRUIUM6A==' >>.panrc

       Retrieve the active configuration and write it to a file.

          $ panxapi -srx >fw-backup.xml

          show: success

Of course this can then be put into a crontab job which automatically does a backup every day.

If you put it into a script you can also script it to put timestamps on the backup files.

This should also work (if you don't want to use .panrc): panxapi -l admin:password -h 172.29.9.122 -srx > fw-backup.xml

Jo Christian

/Jo Christian

Hi Christian,

Thanks for your suggestion, I will try it today.

By the way, my PAN is 5.0 and where can I download the version you suggested(PAN-perl-20121110.tar.gz)? I can only download older version.

Thanks,

Paul

Hello,

You will find it in this thread:

https://live.paloaltonetworks.com/docs/DOC-1910

Or on my dropbox: https://dl.dropbox.com/u/1027606/PaloAlto/PAN-perl-20121110.tar.gz

Jo Christian

/Jo Christian

Hi Christian,

Thanks for your kindly help. I am doing implementation now.

Regards,

Paul

  • 10364 Views
  • 21 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!