Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-10-2018 05:54 AM
Hi all,
Is it possible to rollback to 'last known good' configuration, or even previously running config.
Say for example I make some changes and issue a commit, then subsequently lose connectivity. Is there a mechanism to schedule a rollback to previously running config after say 5minutes?.
Many thanks
Ajaz Nawaz
JNCIE-SEC No. 254
CCIE-RS No. 15721
01-13-2018 07:40 AM
The feature is called "commit confirmed" in the Juniper world. There is a feature request pending for a while now.
FR ID 204
Contact your sales engineer and have your company also vote for this feature.
Previous discussion
01-10-2018 05:57 AM
From a straight feature standpoint; not that I know of. I'm assuming that this is on a remote Palo (otherwise it wouldn't really matter) so in that case you could use a local computer within that firewalls network to script this function via the API.
01-10-2018 02:22 PM
Hello,
Not sure what changes you are making, however if they are policies, then you add a new policy above the one you want to modify and check the logs to see if the new one gets hit. WIth routing now much to do there but to have hands on the device :(.
Regards,
01-11-2018 09:09 AM
Thanks for the replies.
Its a valuable feature so am somewhat surprised it isn't already there...
Juniper seemed to have it nailed.
Will probably make its way into the code I imagine at some point.
01-13-2018 07:40 AM
The feature is called "commit confirmed" in the Juniper world. There is a feature request pending for a while now.
FR ID 204
Contact your sales engineer and have your company also vote for this feature.
Previous discussion
01-15-2018 05:24 AM
Hi Steve - thanks for the info.
I could be accused of being over-paranoid here but its understandable why any vendor would be reluctant to introduce such a feature as its facilitates migrating to a different vendor.
Kind regards
Ajaz
01-17-2018 04:37 PM
Commit confirmed has nothing to do with migration.
Have you ever applied a new configuration to a network device and found yourself suddenly disconnected and cut off from the remote device because there was an error you failed to notice in your configuration?
This is the problem that commit confirmed solves. You commit the new configuration.
If you don't confirm that all is well in the alloted time, the configuration automatically rolls back to the previous settings restoring access.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
