Palo alto candidate configuration vs running conf

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Palo alto candidate configuration vs running conf

L2 Linker

 

Hello,

I don't understand the difference between candidate configuration and running configuration.

Before committing when I'm making changes it's the running configuration and when I commit it becomes candidate configuration?

Another question. I've made a commit and I'd like to rollback how do I do it?

2 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

@Sarou22,

The candidate-config is the thing that you're actually modifying when you're working on the device prior to when you commit. So if I make a user named "TestUser" as an example, that user only exists in the candidate configuration until I commit that configuration change.

The running-config is what the device actually has active and what it's using to apply current policy. This configuration doesn't include any changes that you haven't committed to the device, but rather only what is currently active for the device to enforce.

 

The most basic way to explain this is like this:

  • Running Configuration = The configuration that is active on the device and actually being enforced.
  • Candidate Configuration = The configuration that you would be making any changes to that has yet to be committed and made active on the device.

View solution in original post

Cyber Elite
Cyber Elite

@Sarou22 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000HAHXCA4

 

For rollback commit you either need to save the config before doing the commit or you revert to previous changes.

Please see this

 

Revert Firewall Configuration Changes (paloaltonetworks.com)

 

 

 

Any more questions please let me know?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

@Sarou22,

The candidate-config is the thing that you're actually modifying when you're working on the device prior to when you commit. So if I make a user named "TestUser" as an example, that user only exists in the candidate configuration until I commit that configuration change.

The running-config is what the device actually has active and what it's using to apply current policy. This configuration doesn't include any changes that you haven't committed to the device, but rather only what is currently active for the device to enforce.

 

The most basic way to explain this is like this:

  • Running Configuration = The configuration that is active on the device and actually being enforced.
  • Candidate Configuration = The configuration that you would be making any changes to that has yet to be committed and made active on the device.

Cyber Elite
Cyber Elite

@Sarou22 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000HAHXCA4

 

For rollback commit you either need to save the config before doing the commit or you revert to previous changes.

Please see this

 

Revert Firewall Configuration Changes (paloaltonetworks.com)

 

 

 

Any more questions please let me know?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
  • 2 accepted solutions
  • 1866 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!