02-06-2020 09:41 AM
Hi,
I would like to backup and restore a panorama like I can with the firewall, on the firewall i set "set cli op-command-xml-output on" and get the config via the console, then bootstrap the firewall to restore the config...
now i am wondering how I can do the same with panorama...
it seems that i can neither set operational output to xml, nor restore a config via bootstrap... is that so?
is there any way i could automate backing up a panorama and restoring it?
02-06-2020 01:43 PM
panorama actually has a backup feature that allows you to automate ftp backups of its config, that way you only need to import the config file to be up and running again
02-06-2020 03:10 PM
yes but that doesnt work for me...
I need a solution via console or rather without network connectivity.
This is not for a production system, its for a lab software
For the firewall I save the output from the console in a file and automate the bootstrapping so you can easily backup/restore configs in seconds, works well so far actually (I tried to do it with saving and restoring the set commands but trying to automate the login is a pain for several reasons, 1.) password after 9.0.4 cannot be admin/admin anymore 2.) console keeps telling you incorrect login and there is no consistent way of telling when thats true or if the authentication daemon still needs time to start
02-06-2020 03:13 PM
Please refer to this KB article.. it may be able to show you..
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgWCAS
02-07-2020 12:06 AM
Thanks @jdelio but that doesnt help me unfortunately, seems more like its not possible although i dont understand why panorama does not have the same command to output the config in xml format...
02-07-2020 01:10 AM
@CLIqhow about
reaper@pano> set cli config-output-format xml
reaper@pano> set cli pager off
reaper@pano> configure
Entering configuration mode
[edit]
reaper@pano# show02-08-2020 03:05 AM
@reaper yes, that does not seem to show the complete configuration and cannot be used to restore panorama with a file.
anyways it seems that panorama does not support something like bootstrapping...
so basically I guess I am asking what the best way would be to automate backup and restore of panorama...
i was thinking about using set commands but then there is the problem of not being able to detect when you are able to login... if I script it and it keeps saying invalid credentials... i cant differentiate that from actually not being able to login...
has anyone even ever tried that and will the "show" with set commands actually restore the complete panorama configuration if entered on a "fresh" panorama?
02-08-2020 03:38 AM
@CLIq the automated daily ftp backup gets you an easy to use set of xml config that doesnt require any scripting. Once you fi d yourself in a situation where you need to recover from zero, grab the last config backup zip file, unpack, import and you're ready to go
02-08-2020 04:59 AM
@reaper Thanks but like I mentioned above, I need to do this without GUI and without network connections.
I can script it and I have access to the hypervisor and console of the Panorama.
so far the only option I see is to use the export as set commands (although i am not sure if a "show" will give you the complete panorama config as it does not if its in xml format) and then restore it the same way by entering those set commands... unfortunately the login prompt is **bleep**... so difficult to login with a script as you cannot know when the authdaemon is started.
any comments anyone? better idea? confirm any part of my hypothesis?
02-08-2020 05:04 AM
@CLIq you dont need the gui for this at all 🙂
The ftp export is a config you can put in, import can be achieved through scp or sftp
You may wanna reach out to your sales guys to submit a feature request
02-08-2020 05:15 AM
@reaper i dont need the gui but a network connection for this
Thanks, I wanted to see if there was any possibility as I doubt the feature request will be taken into consideration as this is not meant for production... anyways, will try.
Thanks
03-02-2020 08:21 AM
as a further response...
seems the panorama has not been designed for such a use-case as without a valid license you cannot even enter most of the configuration...
was hoping that the licensing could be taken care of manually after the "automatic config restore"
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
