12-17-2011 12:54 PM
Hi,
I have to deploy 9 PA boxes. I would like to create all objects on one box and copy that section to all the boxes. How do I achieve that? The config seems to be in XML format, and cut-and-paste of a section is not working on the command line. So far the only way I could see it working is to export the config from the GUI to XML format, edit the whole file in Notepad and bring it back. However, this task is cumbersome.
Is there any way to just cut and paste a section of the config at the command line?
Thanks,
Sam
12-19-2011 08:09 AM
Below is how I got around it. Thanks to somebody's good documentation on the support site.
On source PA box:
admin@myFW> set cli config-output-format set
configure
# Run following commands and capture output in a text file
show address
show address-group
show rulebase security rules
show rulebase nat rules
# Make any edits offline.
On destination PA box:
admin@myFW> set cli script-mode on
# paste all config lines.
set cli script-mode off
This is what I did. But I was hoping to export the full config in set-command mode, edit it offline and then paste it again. I could not find a command that gave me the full config including routing, GlobalProtect et al.
Thanks,
Sam
12-17-2011 10:22 PM
Unfortunately it's not clear to me what "{scp|tftp} import configuration" in the CLI does.
Nevertheless you can generate a file containing the CLI commands to create the objects.
"set address foo ip-netmask 1.2.3.4/32"
and paste the text file in the CLI in configuration mode (if it's not too big, probably).
or buy Panorama ...
12-18-2011 12:29 PM
There is not an easy way to load just parts of the configs. XML editing is probably the easiest way. You could create one template config with all your objects. Then export that and use a text editor to find and replace parts such as hostname, system IP, etc. Then import that to whichever box requires it. The other option is to use 'set' commands, as Wscmtts mentioned. To view your configs in 'set' format, use the CLI command below.
set cli config-output-format set
Then view your configs with 'show config running'.
Regards
-Richard
10-10-2012 09:11 PM
Thanks to these posts.
Once you've entered admin@myFW> set cli config-output-format set
Enter at CLI: configure
Then all you have to do is enter (at prompt with #): show (press enter)
This will spill out all configs, including a bunch of encrypted garble which you'll have to remove from your text. Haven't figured out if that could be routed to tftp or a text file yet. But, a great start.
This is better than editing xml files.
02-05-2013 12:13 PM
I tried the method mentioned above: set cli config-output-format-set output and show config, then cut and paste the config to another firewall. I ran into the problem that the config output is not always in order, which makes my job very difficult. Editing offline is not always the best option either.
For those who are used to JunOS, you know about the load [replace|merge|set] terminal command (example)
If you are interested in seeing similar features available on PAN-OS, please submit a feature request with your SEs or resellers.
Thanks,
Ernest
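Added example (not part of any post above, and not Palo Alto code): a Python filter for the two problems raised in the last two posts, the credential material mixed into a full set-format dump and the output not arriving in dependency order. It assumes each set line starts with the section names used in the thread's show commands; the function names and the SAMPLE capture are constructed for illustration.

```python
# Sections named in the thread, in dependency order: objects must exist
# before groups reference them, and groups before rules reference either.
SECTION_ORDER = [
    "set address ",
    "set address-group ",
    "set rulebase security rules ",
    "set rulebase nat rules ",
]

# Constructed sample of set-format output captured from a terminal session.
SAMPLE = """\
admin@myFW# show
set mgt-config users admin phash $1$constructed$notARealHashValue
set rulebase security rules allow-web from trust
set rulebase security rules allow-web destination web-servers
set address-group web-servers static [ web1 web2 ]
set address web1 ip-netmask 10.0.0.10/32
set address web2 ip-netmask 10.0.0.11/32
set deviceconfig system hostname myFW
set rulebase nat rules out-nat to untrust
"""

def section_rank(line):
    """Index of the allowlisted section a line belongs to, or None."""
    for rank, prefix in enumerate(SECTION_ORDER):
        if line.startswith(prefix):
            return rank
    return None

def portable_lines(text):
    """Return (kept, dropped); kept is reordered by section dependency."""
    kept, dropped, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in seen:      # skip blanks and exact repeats
            continue
        seen.add(line)
        rank = section_rank(line)
        if rank is None:
            dropped.append(line)          # hashes, device settings, prompts
        else:
            kept.append((rank, line))
    # sorted() is stable, so rule lines keep their original relative order,
    # which matters because rule order is significant on the firewall.
    return [line for _, line in sorted(kept, key=lambda p: p[0])], dropped

if __name__ == "__main__":
    kept, dropped = portable_lines(SAMPLE)
    print("\n".join(kept))
    print(f"# dropped {len(dropped)} line(s) outside the allowlist")
```

Because the filter is an allowlist, password hashes and device-specific settings such as the hostname never reach the file that gets pasted into the other boxes; review the dropped list before discarding it.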