Palo Alto – Backup The Configuration For Restore

Recently I needed to get a hold of the configuration file that we were able to easily restore to another device in the event of a hardware failure. To perform this task we tried using RANCID but all it does is capture the output of

user@hostname> set cli config-output-format default
user@hostname> show config running


user@hostname> set cli config-output-format xml
user@hostname> show config running

Unfortunately the output of these commands are not easily restored to another device in the event of a hardware failure.

To get a configuration backup that you can reload easily on a new/existing device you need to get a copy of the proper XML configuration file. The way to get this is with the following command:

user@hostname> tftp export configuration from running-config.xml to <TFTP Server>

Once you have this you are able to load it back onto a device with no fuss or messing about.

Update: I did eventually get RANCID backing up the XML file that’s TFTP’d from the device with some custom scripts that I wrote, it’s a bit of a fudge but it works.