03-29-2023 06:46 AM
Hi all
very basic question however im unable to find a search function here ??
is there a way i can scp the runing-config.xml from the firewall. NOT export from the firewall
basically im trying to scp the running-config.xml however im unable to firn the file path
i have tried "scp username@1.1.1.1:running-config.xml" however this does not find the file.
thanks
04-07-2023 02:50 AM
Hi @chris.maughan ,
You definitely wouldn't make to download config file with " scp username@1.1.1.1:running-config.xml". This would be that connected SSH user will be put the same directory where the target file is place, which doesn't seems right
Even if you the exact location of the config file I don't believe there is a way you can SCP file when initiating connection from remote server to the firewall.
PanOS firewall is hardened Unix-based OS, which put the connected user into custom shell is restricted access. In nutshell SCP is just establishing SSH and then perform some BASH commands, however as mentioned PanOS restricted shell does not allow the use of this standard bash commands, which why any attempt to SCP from remote host to the firewall will fail.
I am afraid SCP from firewall to remote host is the only option here.
Another option would be using API and schedule script to periodically export config over API - How to Export The Device State Using XML API - Knowledge Base - Palo Alto Networks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
