[rancid] Restore a Palo Alto Firewall from a Rancid backup

Scott Granados scott.granados at gmail.com
Fri Jul 12 19:23:30 UTC 2019


We haven’t bothered with Panorama much because, unlike the firewalls themselves, the Panorama interface is very poor with screen readers and other accessibility technologies used.

In AWS we do a lot of exporting of configs and use S3 to bootstrap the virtual appliances, so there may be a difference in what I’m working with. We can edit the configs in S3 and they can be automatically imported or grabbed on boot. On the hardware, though, I thought it was selectable. I’ll review the link you sent, thank you.

Just queried my PA and the choices I have to export or import configs are JSON, XML, SET or Default, which looks like JSON to me, so not sure why that’s duplicated. I am just setting the CLI variable; I assume you’re using a different mechanism that’s different.

Thanks


If you’re connecting via SSH and pulling the config, I don’t see why you couldn’t set it to whatever format you wanted and then push with the correct flag set at the head of the request.



> On Jul 12, 2019, at 2:56 PM, Gauthier, Chris <cgauthier at comscore.com> wrote:
> 
> Exported config files are in XML format. Here is a link to the documentation. Nowhere in their documentation does it reference using JSON as the format for import/export.
> 
> Also, Palo Alto has a "scheduled export" facility, especially if you are using Panorama. We use RANCiD to track the changes more than anything, but use the utility to auto-export configs.
> 
> https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html
> 
> --Chris
> 
> 
> 
> 
> Chris Gauthier | Senior Network Engineer | Comscore
> t +1 (503) 331-2704
> cgauthier at comscore.com
> comscore.com <http://www.comscore.com/>
> -----Original Message-----
> From: Scott Granados <scott.granados at gmail.com>
> Date: Friday, July 12, 2019 at 11:44 AM
> To: john heasley <heas at shrubbery.net>
> Cc: "Gauthier, Chris" <cgauthier at comscore.com>, "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
> Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup
> 
> It’s not XML, it’s JSON, if I understand where you’re going with this.
> 
> From exec mode
> set cli config-output-format default
> 
> Also, other variables here can be set for set form and other formats, which you can select and display with a ? in the config-output-format parameter field.
> 
> Thanks
> 
> 
> > On Jul 12, 2019, at 2:20 PM, john heasley <heas at shrubbery.net> wrote:
> > 
> > Fri, Jul 12, 2019 at 06:15:39PM +0000, Gauthier, Chris:
> >> Rancid configs for PAN can NOT be used to restore the config, unless you cut and paste the configuration. This is because the native config files are stored in XML format and that is the format the Palo Alto utilities expect when performing restorations.
> >> 
> > 
> > so, store both in rancid. what is the cmd to retrieve the xml format?
> > 
> 
> 
