Backup of Virtual Appliance

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Backup of Virtual Appliance

L1 Bithead

Hi PA forums,

I had a question, is it recommended or wise to backup a VM series PA?

Thanks.

 

(tried googling, but kept giving me virtual backup appliances results)

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Although it says Panorama in the header there is answer part that states "Do not use the VMware snapshots functionality with any PAN virtual machine as it is NOT supported."

 

It is also mentioned here:

https://docs.paloaltonetworks.com/vm-series/11-0/vm-series-deployment/set-up-a-vm-series-firewall-on...

 

"

  • Do not use the VMware snapshots functionality on the VM-Series on ESXi. Snapshots can impact performance and result in intermittent and inconsistent packet loss.See the VMware best practice recommendation for using snapshots.
    If you need configuration backups, use Panorama, or from the firewall, use 
    Export named configuration snapshot (Device > Set up > Operations). Using Export named configuration snapshot
     exports the firewall’s active configuration (running-config.xml) and allows you to save it to any network location."
     

Most backup solutions (there are some exceptions) instruct VMware to take snapshot, then copy data over and then instruct VMware to remove snapshot. So you need to check with your backup software what exact procedure they use.

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

You can export running config from firewall.

If you push config from Panorama then device state is best option as running config export don't include config came from Panorama.

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/firewall-administration/manage-configurat...

 

Although taking snapshots works 99.9% of the time it is not officially supported so can't suggest that.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POL6CAO

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

L1 Bithead

thanks Raido.. it is a PA firewall though, not Panorama.

And the backup solutions is like VM backup, not snapshots.

Is it still not recommended?

Cyber Elite
Cyber Elite

Although it says Panorama in the header there is answer part that states "Do not use the VMware snapshots functionality with any PAN virtual machine as it is NOT supported."

 

It is also mentioned here:

https://docs.paloaltonetworks.com/vm-series/11-0/vm-series-deployment/set-up-a-vm-series-firewall-on...

 

"

  • Do not use the VMware snapshots functionality on the VM-Series on ESXi. Snapshots can impact performance and result in intermittent and inconsistent packet loss.See the VMware best practice recommendation for using snapshots.
    If you need configuration backups, use Panorama, or from the firewall, use 
    Export named configuration snapshot (Device > Set up > Operations). Using Export named configuration snapshot
     exports the firewall’s active configuration (running-config.xml) and allows you to save it to any network location."
     

Most backup solutions (there are some exceptions) instruct VMware to take snapshot, then copy data over and then instruct VMware to remove snapshot. So you need to check with your backup software what exact procedure they use.

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

L1 Bithead

OK thanks, I guess the general advice is consistent enough

  • 1 accepted solution
  • 1929 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!