How to Schedule Configuration Export without Panorama?

Reply
Highlighted
L2 Linker

How to Schedule Configuration Export without Panorama?

Hello,

I would like to know if it is possible to automatically export the configuration of my firewall without Panorama.


Thank you in advanexportce for your help.

Tags (2)
Highlighted

Re: How to Schedule Configuration Export without Panorama?

There is no "official" Scheduler for automatic export yet. But you can ask your SE to sign the Feature Request for you.

Anyway there are some ways to trigger config Backups from external Server

1. Use the XML API

2. Or use remote ssh login (with public/private key for passwordless login) in a shell script on an external Server and execute backup commands:

scp export configuration to USER@SCPHOST:PATH

or

tftp export configuration to TFTPHOST

Cheers

Marco

Highlighted
L4 Transporter

Re: How to Schedule Configuration Export without Panorama?

how do you backup the passwords also?

i have seen in the XML output that it shows this for a local user record:

<entry name="admin">

<phash>********</phash>

<permissions>

   <role-based>

    <superuser>yes</superuser>

   </role-based>

  </permissions>

but if i export the runing config from the webui then i get the "phash" in the right way

what do you suggests?

Highlighted
L5 Sessionator

Re: How to Schedule Configuration Export without Panorama?

Although the passwords are shown as a hashed value on the exported file, when you import back the file onto a firewall, the same passwords are maintained. As hashes are irreversible ( cannot be decrpypted  ), the firewall computes the hash of the password that the user enters on the ssh or the gui, and if the hash of the password matches that of the running config, the PANFW identifies that the password is correct and lets you access the device.

Tested this out in the lab.

BR,

Karthik

Highlighted
L4 Transporter

Re: How to Schedule Configuration Export without Panorama?

yes i know this. but i tried to performe a backup using the API.... and the file i get has ***** in the "phash" attribute as shown in my post.

do you have any suggestion how to enable PA to export the hashed password on the API exported file?

Highlighted
L4 Transporter

Re: How to Schedule Configuration Export without Panorama?

Is the user being utilized to authenticate to the API a superuser?  A non-superuser account will cause the password hash to be removed from the output.

Highlighted
L4 Transporter

Re: How to Schedule Configuration Export without Panorama?

That was the answer

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!