This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

What is the best way to import a device state to an old device

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What is the best way to import a device state to an old device

Go to solution
vsingh
L2 Linker

‎02-16-2021 04:00 AM

Recently we faced an issue with one of the firewalls so we thought to replace with a spare one. we took the device state backup and imported it into the Spared firewall. It was running the same OS and same hardware. But It was NOT factory reset, it has the configuration and we didn't do it factor reset and uploaded the device state backup. but then we saw multiple commit errors. I don't understand why? Because after importing a new device state it should overwrite all the config on the spared device but it is throwing commit error related to its existing config.

 

Just wanted to understand why that happened? Does the device state not overwrite after uploading a new device state to the spared firewall or it must be factory reset before uploading any device state? Please provide your expert views.

0 Likes Likes
8 REPLIES 8

Go to solution
MickBall
L7 Applicator
In response to vsingh

‎02-19-2021 01:24 AM

i was referring to the revert option in the top RH corner under config. it was only to use if the commit had failed. (to put the FW back to QA) and start again..

 

I used the snapshot option from prod to QA, have you tried that....

 

 

0 Likes Likes

Go to solution
vsingh
L2 Linker
In response to MickBall

‎02-19-2021 05:06 AM

No, I didn't try the snapshot option because the snapshot doesn't have a panorama pushed policy, it does have only running-config of the firewall. I use device state as it contains panorama pushes policy also. 

0 Likes Likes

Go to solution
vsingh
L2 Linker
In response to MickBall

‎02-19-2021 05:27 AM

Is there any way to get Palo alto configuration which includes firewall configuration directly done from the device and object and policy rules pushed from the panorama?

Or any way to get a configuration for e.g. policy and object for a particular device-group from Panorama?

0 Likes Likes

Go to solution
MickBall
L7 Applicator
In response to vsingh

‎02-19-2021 06:16 AM

you could take a snapshot of prod firewall and import to QA, then join QA to panorama and add to same device group to push policies out.

 

or

 

remove prd firewall from panorama and keep policies.  do not commit but just save the configuration to file.  then revert the change and export the file for QA.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks