How to Schedule Configuration Export without Panorama?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to Schedule Configuration Export without Panorama?

L2 Linker

Hello,

I would like to know if it is possible to automatically export the configuration of my firewall without Panorama.


Thank you in advanexportce for your help.

6 REPLIES 6

There is no "official" Scheduler for automatic export yet. But you can ask your SE to sign the Feature Request for you.

Anyway there are some ways to trigger config Backups from external Server

1. Use the XML API

2. Or use remote ssh login (with public/private key for passwordless login) in a shell script on an external Server and execute backup commands:

scp export configuration to USER@SCPHOST:PATH

or

tftp export configuration to TFTPHOST

Cheers

Marco

how do you backup the passwords also?

i have seen in the XML output that it shows this for a local user record:

<entry name="admin">

<phash>********</phash>

<permissions>

   <role-based>

    <superuser>yes</superuser>

   </role-based>

  </permissions>

but if i export the runing config from the webui then i get the "phash" in the right way

what do you suggests?

Although the passwords are shown as a hashed value on the exported file, when you import back the file onto a firewall, the same passwords are maintained. As hashes are irreversible ( cannot be decrpypted  ), the firewall computes the hash of the password that the user enters on the ssh or the gui, and if the hash of the password matches that of the running config, the PANFW identifies that the password is correct and lets you access the device.

Tested this out in the lab.

BR,

Karthik

yes i know this. but i tried to performe a backup using the API.... and the file i get has ***** in the "phash" attribute as shown in my post.

do you have any suggestion how to enable PA to export the hashed password on the API exported file?

Is the user being utilized to authenticate to the API a superuser?  A non-superuser account will cause the password hash to be removed from the output.

That was the answer

  • 5088 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!