Palo Alto – Backup The Configuration For Restore

Recently I needed to get a hold of the configuration file that we were able to easily restore to another device in the event of a hardware failure. To perform this task we tried using RANCID but all it does is capture the output of

user@hostname> set cli config-output-format default
user@hostname> show config running

or

user@hostname> set cli config-output-format xml
user@hostname> show config running

Unfortunately the output of these commands are not easily restored to another device in the event of a hardware failure.

To get a configuration backup that you can reload easily on a new/existing device you need to get a copy of the proper XML configuration file. The way to get this is with the following command:

user@hostname> tftp export configuration from running-config.xml to <TFTP Server>

Once you have this you are able to load it back onto a device with no fuss or messing about.

Update: I did eventually get RANCID backing up the XML file that’s TFTP’d from the device with some custom scripts that I wrote, it’s a bit of a fudge but it works.

Advertisements

7 responses to “Palo Alto – Backup The Configuration For Restore

    • Hi,

      You should have the two script’s in you email now. Unfortunately due to my current commitments I won’t be able explain the in’s and out’s of them so I’m pretty much providing them as-is.

      A basic overview of the scrips is that it get’s the PaloAlto to scp the config file to /scp and once it’s there it then processes it into rancid from that location.

      Any queries feel free to ask, and I will try to answer although it might take me a few days to get round to replying.

      Regards

      Adam

      Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s