01-10-2022 12:22 PM
How do I restore Panorama configuration?
I do a "Scheduled Config Export" every night.
Old Panorama VM had to be rebuilt from scratch. No access to old VM.
I have rebuilt the VM from OVA. When I try to "Import name Panorama configuration snapshot" per restore documents I get an error that the file is not an .xml.
What is the procedure to use the .tgz file created by the export?
01-18-2022 08:33 AM
I did extract the file. I discovered that the nightly "Scheduled Config Export" that we do actually backs up Panorama and every firewall managed by Panorama. I found the Panorama configuration in the list of extracted files.
I did the import and the load. This got Panorama back up and working.
However, one item that was not working was log collection. After much research and Palo support conversations I discovered that the config export does not contain the Panorama / Collector Group / Device Log Forwarding / Log Forwarding Preferences / Devices. I had to manually enter these and do a commit/push of the Collector Group. We also had to restart the management server process per the following KB which resolved the issue.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaGCAS
01-11-2022 07:48 PM
Thank you for the post @Joel_W
Have you tried to manually extract the tgz file? After you extract it, there should be a tar file that includes an xml file. You can use this xml file to import configuration.
Kind Regards
Pavel
01-12-2022 12:31 AM - edited 01-12-2022 12:32 AM
Hi @Joel_W
Like Pavel said, you can extract the tgz file and you will get a .xml file
--Go to panorama -> Setup --> Operations --> Import named Panorama configuration snapshot --> Import the extracted .xml file
--Go to panorama -> Setup --> Operations --> Load named Panorama configuration snapshot --> Load the extracted .xml file
-- NB - Make sure to uncheck all other options except "Retain Rule UUIDs" and click OK
--Refresh the page and check for Device Groups and Templates
01-18-2022 08:33 AM
I did extract the file. I discovered that the nightly "Scheduled Config Export" that we do actually backs up Panorama and every firewall managed by Panorama. I found the Panorama configuration in the list of extracted files.
I did the import and the load. This got Panorama back up and working.
However, one item that was not working was log collection. After much research and Palo support conversations I discovered that the config export does not contain the Panorama / Collector Group / Device Log Forwarding / Log Forwarding Preferences / Devices. I had to manually enter these and do a commit/push of the Collector Group. We also had to restart the management server process per the following KB which resolved the issue.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaGCAS
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
