This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to Schedule Configuration Export without Panorama?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to Schedule Configuration Export without Panorama?

paloalto.nis
L2 Linker

‎04-30-2013 01:26 AM

Hello,

I would like to know if it is possible to automatically export the configuration of my firewall without Panorama.


Thank you in advanexportce for your help.

0 Likes Likes
6 REPLIES 6

ExclusiveNetworksGermany
L3 Networker

‎04-30-2013 01:39 AM

There is no "official" Scheduler for automatic export yet. But you can ask your SE to sign the Feature Request for you.

Anyway there are some ways to trigger config Backups from external Server

1. Use the XML API

2. Or use remote ssh login (with public/private key for passwordless login) in a shell script on an external Server and execute backup commands:

scp export configuration to USER@SCPHOST:PATH

or

tftp export configuration to TFTPHOST

Cheers

Marco

minow
L4 Transporter
In response to ExclusiveNetworksGermany

‎08-07-2013 07:52 AM

how do you backup the passwords also?

i have seen in the XML output that it shows this for a local user record:

<entry name="admin">

<phash>********</phash>

<permissions>

   <role-based>

    <superuser>yes</superuser>

   </role-based>

  </permissions>

but if i export the runing config from the webui then i get the "phash" in the right way

what do you suggests?

0 Likes Likes

kprakash
L5 Sessionator
In response to minow

‎08-07-2013 08:29 AM

Although the passwords are shown as a hashed value on the exported file, when you import back the file onto a firewall, the same passwords are maintained. As hashes are irreversible ( cannot be decrpypted  ), the firewall computes the hash of the password that the user enters on the ssh or the gui, and if the hash of the password matches that of the running config, the PANFW identifies that the password is correct and lets you access the device.

Tested this out in the lab.

BR,

Karthik

0 Likes Likes

minow
L4 Transporter
In response to kprakash

‎08-07-2013 02:06 PM

yes i know this. but i tried to performe a backup using the API.... and the file i get has ***** in the "phash" attribute as shown in my post.

do you have any suggestion how to enable PA to export the hashed password on the API exported file?

0 Likes Likes

kfindlen
L4 Transporter
In response to minow

‎08-07-2013 02:12 PM

Is the user being utilized to authenticate to the API a superuser?  A non-superuser account will cause the password hash to be removed from the output.

minow
L4 Transporter
In response to kfindlen

‎10-07-2013 10:31 PM

That was the answer

0 Likes Likes
  • 5581 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks