Schedule Export of Configuration Files Questions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Schedule Export of Configuration Files Questions

L0 Member

Hi All,

My goal is to set up a daily backup of Panorama/Firewall Configs.

 

Regarding config backups, does anyone know if the OS matters? For example, the SCP/FTP server is UNIX vs Windows where the logs are stored?

I also understand only Panorama can do this. How would I do this with all firewalls? The article below states that "Panorama saves a backup of its running configuration as well as the running configurations of all managed firewalls." but I don't see firewalls mentioned under Paorama -> Scheduled Config Export.


https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/administer-panorama/manage-panorama-a...

 

7 REPLIES 7

Cyber Elite
Cyber Elite

That is because the Panorama is the central repository of the XML and will zip up the configurations for all hardware (Panorama and FWs).  I have been doing PS for 10 yrs, so I am pretty comfortable in stating that this is how the product works.


As to where the files are saved, it is in whatever directory you configure on the server and configure that directory in the Panorama settings. 

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

L2 Linker

@S.Cantwell , So if we're using Windows OS, only FTP is supported. In which OS environment can we try SCP to take periodic configuration export?

Here is a link to find some favorite SCP server apps for Windows

 

https://www.itprc.com/the-best-scp-servers-for-windows/

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

L2 Linker

I didn't ask for scp software for windows. As per PA documentation, if we're using windows for config export, panorama only supports FTP. If we need scp protocol to be used for export, either unix or linux server needed. please correct me if I' m wrong.

I would not say anyone is wrong. Maybe I am the one that is not fully understanding.

I have a Panorama and I am using Linux which support FTP/SCP and I am able to perform backups

 

SteveCantwell_0-1667917925374.png

 

Would you like for me to test FileZilla Server (which support SCP/FTP) on Windows.

I think the OS does not matter, only the protocol.

So I am confused when you say Panorama can only do FTP to a Windows machine.  Not sure that the Panorama really is concerned about the OS, but more about the protocol.

 

I am trying my best to understand the situation and provide the best level of support to you.

Thank you.

Please help out other users and “Accept as Solution” if a post helps solve your problem !

L2 Linker

Thanks @S.Cantwell for the response. 

I've tried with FileZilla(from windows), through FTP protocol its working fine but not with SCP protocol, getting connection timeout.

Untitled.jpg

I think in this case, we will need a Linux or Unix server if we want to use the SCP protocol.

 

 

L0 Member

Hi,

I came across this wondering the same thing, and managed to work it out with trial and error.
Yes, Panorama can export via SCP to a Windows machine. We're running Solarwinds SFTP/SCP Server on Windows Server and I've got it working. Note that in my case, the path is simply "/" (as I want to put files in the root directory of the SCP server).
I too read Palo Alto's KB that you posted in your screenshot above. I think this means that Windows doesn't natively support SCP - so you would need to install 3rd party software.
HTH.

  • 5059 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!