This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Merging two Palos Config

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Merging two Palos Config

john.mayer
L0 Member

‎03-08-2023 03:38 PM

Hello everyone

I have two Palo PA-850s with software version 10.2.2 that are running in different locations. To merge all the services to one location, I must merge two Palos configurations from ACLs, NATs, and Interfaces to a single device (or the HA pair).

As far as I know, I can export the .xml config, edit it, and then import it to Palo, but does it merge with the old config or replace it?

 

Regards

John

0 Likes Likes
3 REPLIES 3

JayGolf
Community Team Member

‎03-08-2023 10:05 PM

Hi @john.mayer ,

 

If you import a new config it will replace the current config on the device. In the past, I found Expedition to be very useful. You can import the preferred firewall config as the base config and the secondary firewall config as the source configuration file. You will be able to move/edit interfaces, NAT rules, security policies, and services/objects. For more info, check the Expedition section we have within LiveCommunity.

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

OtakarKlier
Cyber Elite
Cyber Elite

‎03-09-2023 10:02 AM

Hello,

After you update the xml, remove the parts that you dont want to update. This way it will only update the parts you want to update.

 

Regards,

0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎03-11-2023 04:48 PM

Hi @john.mayer ,

 

Another way you could do it is as follows:

 

  1. Import and load the 1st configuration (the one with the most config to keep) onto the NGFW.
  2. Import and do not load the 2nd configuration.
  3. Load config partial the sections you want to add to the candidate configuration.  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/load-configurations/...
    1. Use mode merge.
    2. Find the XPath from the API browser.  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api...
    3. The from file will be the XML of the 2nd config.

If the sections are not too big, copying the set commands on the CLI from one NGFW to another is quick also.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
  • 2121 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks