Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Selective cut-paste of the config

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Selective cut-paste of the config

Not applicable

Hi,

I have to deploy 9 PA boxes. I would like to create all objects on one box and copy that section to all the boxes. How do I achieve that? The config seems to be in XML format and section cut-paste is not working on command line. So far only way I could see it working is export the config from GUI to xml format, edit whole file in notepad and bring it back. However this task is cumbersome.

Is there any way to just cut-paste a section of the config at command line?

Thanks,

Sam

1 accepted solution

Accepted Solutions

Below is how I got around it. Thanks to somebody's good documentation on the support site.

On source PA box:

admin@myFW> set cli config-output-format set

configure

# Run following commands and capture output in a text file

show address

show address-group

show rulebase security rules

show rulebase nat rules

# Make any edits offline.

On destination PA box:

admin@myFW> set cli script-mode on

# paste all config lines.

set cli script-mode off

This is what I did. But I was hoping to export full config in set commands mode and edit it offline and then paste again. I could not find a command that gave me full config including routing, global protect et all.

Thanks,

Sam

View solution in original post

5 REPLIES 5

Not applicable

Unfortunately it's not clear to me how what "{scp|tftp} import configuration" in the CLI does.

Nevertheless you can generate a file containing the CLI commands to create the objects.

"set address foo ip-netmask 1.2.3.4/32"

and paste the text file in the CLI in configuration mode (if it's not too big, probably).

or buy Panorama ...

Retired Member
Not applicable

There is not an easy way to load just parts of the configs. XML editing is probably the easiest way. You could create one template config with all your objects. Then export that and use a text editor to find and replace parts such as hostname, system IP, etc. Then import that to whichever box requires it. Other option is as use 'set' commands as Wscmtts mentioned. To view your configs in 'set' format, use below CLI command.

set cli config-output-format set

Then view your configs with 'show config running'.

Regards

-Richard

Below is how I got around it. Thanks to somebody's good documentation on the support site.

On source PA box:

admin@myFW> set cli config-output-format set

configure

# Run following commands and capture output in a text file

show address

show address-group

show rulebase security rules

show rulebase nat rules

# Make any edits offline.

On destination PA box:

admin@myFW> set cli script-mode on

# paste all config lines.

set cli script-mode off

This is what I did. But I was hoping to export full config in set commands mode and edit it offline and then paste again. I could not find a command that gave me full config including routing, global protect et all.

Thanks,

Sam

Not applicable

Thanks to these posts.

Once you've entered admin@myFW> set cli config-output-format set

Enter at CLI: configure

Then all you have to do is enter (at prompt with #): show (press enter)

This will spill out all configs including bunch of encrypted garble which you'll have to remove from your text.  Haven't figured out if that could be routed to tftp or text file yet.  But, a great start.

This is better than editing xml files. Smiley Happy

L4 Transporter

I tried the method mentioned above,   set cli config-output-format-set output and show config cut and paste the config to another firewall.   I ran into the config output are not always in order, it make the my jobs very difficult.  Editing offline are not always best options either.

To those who have used to JunOS, you know about the load [replace|merge|set] terminal command (example)

If you are interested to see similar features available on PANOS, please submit a feature request with your SEs or resellers.

Thanks,

Ernest

  • 1 accepted solution
  • 5295 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!