For details on cookie usage on our site, read our Privacy Policy
What is the best way to import a device state to an old device
- LIVEcommunity
- Discussions
- General Topics
- Re: What is the best way to import a device state to an old device
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-16-2021 04:00 AM
Recently we faced an issue with one of the firewalls so we thought to replace with a spare one. we took the device state backup and imported it into the Spared firewall. It was running the same OS and same hardware. But It was NOT factory reset, it has the configuration and we didn't do it factor reset and uploaded the device state backup. but then we saw multiple commit errors. I don't understand why? Because after importing a new device state it should overwrite all the config on the spared device but it is throwing commit error related to its existing config.
Just wanted to understand why that happened? Does the device state not overwrite after uploading a new device state to the spared firewall or it must be factory reset before uploading any device state? Please provide your expert views.
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-16-2021 06:23 AM
No, no errors, why not revert changes then remove the device from Panorama in Device\Settings\Panorama Settings\Disable Panorama Policy and Objects, commit, then apply snapshot
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-16-2021 04:41 AM
That's what i normally do when i bring a spare box from QA into production...
do you have the required licenses on the new device.
perhaps a screen shot of some of the errors may help...
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-16-2021 06:00 AM
Yes, all devices are licensed with active support. I do get commit errors of the config related to zone names, different profiles names, etc as the firewall had existing configuration in it but it should be wiped out after uploading the new device state and only new config should show.
Do you not see any issue related to commit after uploading the device state of prod firewall to your QA firewall?
I have another difference here is the firewall had security policies pushed from Panorama
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-16-2021 06:23 AM
No, no errors, why not revert changes then remove the device from Panorama in Device\Settings\Panorama Settings\Disable Panorama Policy and Objects, commit, then apply snapshot
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-18-2021 10:44 PM
I have a firewall that is in QA and being managed through Panorama.
I have another set of firewalls in Prod and I have to use QA firewall to Prod in case of any issue and manage it locally.
I couldn't understand what revert changes mean. My steps are as follows:
1. connect QA fw and disable Panorama Policy and Objects, commit,
2. upload Prod firewall device state to QA firewall and disable Panorama Policy and Objects and import it and commit.
Pls, let me know what revert changes you were referring to. Thank you!
- Device Certificate: can't replace old device cert by putting in newly generated OTP in General Topics
- Intense SSO failures in Cortex XDR Discussions
- OOM-Killer on 8.1 Trail (PA-5050 device) in General Topics
- Firewall servicing as UserID Client - limit in Next-Generation Firewall Discussions
- PA--820 Power Supply Voltage In (Vin) Voltage and Frequency Range in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
