[rancid] Palo Alto (Panorama) configuration

Gauthier, Chris cgauthier at comscore.com
Thu Jul 11 14:19:00 UTC 2019


I have run into the issues seen below, as we migrated to a fully-managed Panorama ecosystem in recent months.  The output of the “show configuration running” (or whatever it is) is more limited on the managed device because (I believe) what is being shown is only the locally-managed configuration.  I haven’t looked yet to see if there is a workaround.

--Chris


Chris Gauthier Senior Network Engineer | Comscore
t +1 (503) 331-2704 | 
cgauthier at comscore.com
comscore.com
​​​This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender.
From: Rancid-discuss <rancid-discuss-bounces at shrubbery.net> on behalf of annie lee <lsy.annie at gmail.com>
Date: Wednesday, July 10, 2019 at 6:02 PM
To: john heasley <heas at shrubbery.net>
Cc: "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Palo Alto (Panorama) configuration

i tried to grab the configs from the panorama and it's what i wanted :-)
apology, im pretty new to the paloalto and panorama device/setup.

thanks and glad i can backup the palo/panorama configs without any tweaking.

On Thu, Jul 11, 2019 at 9:23 AM annie lee <lsy.annie at gmail.com<mailto:lsy.annie at gmail.com>> wrote:
Hi John,

Thanks for your reply and apology for the typo on the paloalto type.  (1.1.1.1;paloalto;up)
Below are the sample config for one of the firewall configs (removed all the ip addresses).
Basically there are heaps more configs (routing, policy, NAT, virtual router and etc...) i can see from the Panorama.
Not sure its similar to F5 tweak that we need to add the partition to grab the full configs.

Rgds

On Thu, Jul 11, 2019 at 7:42 AM john heasley <heas at shrubbery.net<mailto:heas at shrubbery.net>> wrote:
Wed, Jul 10, 2019 at 11:53:42AM +1000, annie lee:
> Hi All,
>
> Another question, just added a new PaloAlto to rancid (3.9) but not much
> configurations being backup (not even interfaces addresses)
> Anything need to be changed/added to backup the entire configuration ?
>
> 1.1.1.1;palo-alto;up

Please use the built-in type for PAN: paloalto.  if that is still lacking,
please be more specific about what commands are missing.  it collects

show system info;show chassis inventory;show config running
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20190711/e3ef5468/attachment.html>


More information about the Rancid-discuss mailing list