Is it possible to load config from a firewall up to Panorama?


L0 Member

Hello,

The last 4 months of config changes seem to have fallen off our Panorama server but the firewalls it manages are still up to date.

Is it possible to gather the config from them and push it to Panorama?

Thanks in advance for any help.

4 REPLIES 4

L7 Applicator

Hello Phogg,

Option-1:

Could you please check the old configuration versions on your firewall? Try to recover from an old saved/committed configuration.

Option-2: If you have a previously generated tech-support file from Panorama, we can retrieve the config from that too.

Option-3:

The below mentioned KB article may help you in this situation.

How to Import Palo Alto Networks Firewall Configurations into Panorama

Hope this helps.

Thanks

Hello, thanks for that.

That was where we had got to and we found the most recent configuration there was from April.

In the end we were able to export XML files out of the server and devices to compare differences and edit the running-config.xml file. Once finished there, we could load the new, edited and restored config back to Panorama.

This was the document that we used: Policies are Pushed from Panorama, but Local Commit on Panorama was Never Performed

It was slightly misleading. It says to try one of the resolutions but there are really only 2. Either the first point or the rest of them as steps. The resolution should be as below.

Resolution

First, check to make sure the missing policies are not located on Panorama. If they are not found, then try one of the following to recover the pushed policies:

  • Manually add the policies back to Panorama.

  • Use TFTP or SCP to export the (.merged-running-config.xml).
  • Export out the Panorama running-config.xml
  • Edit the running-config.xml and add the missing policies.
  • Import and load the running-config.xml.

Thanks again!
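
The comparison step described in the post above, as an added example (not part of the original thread and not Palo Alto Networks code): it lists rules present in a firewall export but missing from, or different in, the Panorama export. The sample XML is constructed and simplified, and the element layout (`*rulebase/<type>/rules/entry`) is an assumption to check against your own exported files.

```python
import xml.etree.ElementTree as ET

# Constructed, heavily simplified samples standing in for the firewall's
# .merged-running-config.xml and Panorama's running-config.xml.
# The element layout is an assumption, not copied from a real device.
FIREWALL_XML = """<config><panorama><vsys><entry name="vsys1">
  <pre-rulebase><security><rules>
    <entry name="allow-dns"><action>allow</action></entry>
    <entry name="block-telnet"><action>deny</action></entry>
    <entry name="allow-web"><action>allow</action></entry>
  </rules></security></pre-rulebase>
</entry></vsys></panorama></config>"""

PANORAMA_XML = """<config><devices><entry name="localhost.localdomain">
  <device-group><entry name="branch">
    <pre-rulebase><security><rules>
      <entry name="allow-dns"><action>allow</action></entry>
      <entry name="allow-web"><action>deny</action></entry>
    </rules></security></pre-rulebase>
  </entry></device-group>
</entry></devices></config>"""


def collect_rules(xml_text):
    """Map (rulebase, rule type, rule name) -> canonical XML of that rule."""
    rules = {}
    for rb in ET.fromstring(xml_text).iter():
        if not rb.tag.endswith("rulebase"):  # rulebase, pre-rulebase, post-rulebase
            continue
        for rtype in rb:  # e.g. security, nat
            for entry in rtype.findall("rules/entry"):
                raw = ET.tostring(entry, encoding="unicode")
                # Canonical form so whitespace differences do not count as changes.
                key = (rb.tag, rtype.tag, entry.get("name"))
                rules[key] = ET.canonicalize(raw, strip_text=True)
    return rules


def compare(firewall_xml, panorama_xml):
    """Return (missing, changed): rule keys to review before editing Panorama."""
    fw, pano = collect_rules(firewall_xml), collect_rules(panorama_xml)
    missing = sorted(k for k in fw if k not in pano)
    changed = sorted(k for k in fw if k in pano and fw[k] != pano[k])
    return missing, changed


if __name__ == "__main__":
    missing, changed = compare(FIREWALL_XML, PANORAMA_XML)
    for label, keys in (("missing on Panorama", missing), ("differs", changed)):
        for rulebase, rtype, name in keys:
            print(f"{label}: {rulebase}/{rtype}/{name}")
```

Rules are matched by name only, so a rule renamed on one side shows up as missing rather than changed.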

Not applicable

Hi

You can also use the migration tool to import a FW into Panorama. I haven't tried it myself yet. But I'm working on a project, where we will try it next week (if all goes as planned).

The migration tool is NOT available to customers, only to partners, so we don't have that option.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center