<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:remialcxesans;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1671370832;
mso-list-type:hybrid;
mso-list-template-ids:-1217251352 -175486622 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-fareast-font-family:"MS Mincho";
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Yes, you can export the different formats, but the restore expects XML, in my experience. Also, for those using Panorama, Erik’s advice to rely on Panorama is sound. Been there, done that, don’t want to restore again, but it worked!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">--Chris<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0;vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#E43D30;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Arial;font-weight:700;">Chris<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;"></span> </td><td align="left" style="vertical-align:top;font-family:Arial;font-weight:700;">Gauthier</td><td align="left" style="vertical-align:top;color:#444444;font-family:Arial;"> Senior Network Engineer</td><td align="left" style="vertical-align:top;font-family:Arial;"> | </td><td align="left" style="vertical-align:top;color:#444444;font-family:Arial;">Comscore<br /></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:3px 0 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#444444;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Arial;">t +1 <a href="tel:(503)%20331-2704" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#444444;"><strong style="font-weight:400;">(503) 331-2704</strong></a></td><td align="left" style="vertical-align:top;color:#E43D30;font-family:Arial;"> | <br /></td><td align="left" style="vertical-align:top;font-family:Arial;"><a href="mailto:cgauthier@comscore.com" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#444444;"><strong style="font-weight:400;">cgauthier@comscore.com</strong></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:2px 0 0;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#444444;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="vertical-align:top;font-family:Arial;"><a href="http://www.comscore.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#0563C1;"><strong style="font-weight:400;">comscore.com</strong></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:10px 0 2px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="white-space:normal;color:#444444;font-size:10.67px;font-family:Arial;font-weight:400;font-style:normal;text-align:justify;width:500px;"><tr style="font-size:10.67px;"><td style="font-family:Arial;">This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender.</td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></td></tr></table></div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Scott Granados <scott.granados@gmail.com><br>
<b>Date: </b>Friday, July 12, 2019 at 12:23 PM<br>
<b>To: </b>"Gauthier, Chris" <cgauthier@comscore.com><br>
<b>Cc: </b>john heasley <heas@shrubbery.net>, "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net><br>
<b>Subject: </b>Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">We haven’t bothered with Panorama much because unlike the firewalls themselves the Panorama interface is very poor with screen readers and other accessibility technologies used.
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In AWS we do a lot of exporting of configs and use S3 to bootstrap the virtual appliances so there may be a difference in what I’m working with. We can edit the configs in S3 and they an be automatically imported or grabbed on boot. On
the hardware though I thought it was selectable. I’ll review the link you sent, thank you.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"> Just queried my PA and the choices I have to export or import configs are JSUN, XML, SET or Default which looks like JSUN to me so not sure why that’s duplicated. I am just setting the CLI variable I assume you’re using a different mechanism
that’s different.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If you’re connecting via SSH and pulling the config I don’t see why you couldn’t set it to what ever format you wanted and then push with the correct flag set at the head of the request.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Jul 12, 2019, at 2:56 PM, Gauthier, Chris <<a href="mailto:cgauthier@comscore.com">cgauthier@comscore.com</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Exported config files are in XML format. Here is a link to the documentation. Nowhere in their documentation does it reference using JSON as the format for import/export.<br>
<br>
Also, Palo Alto has a "scheduled export" facility, especially if you are using Panorama. We use RANCiD to track the changes more than anything, but use the utility to auto-export configs.<br>
<br>
<a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fdocs.paloaltonetworks.com%2fpan-os%2f8-1%2fpan-os-admin%2ffirewall-administration%2fmanage-configuration-backups%2fsave-and-export-firewall-configurations.html&c=E,1,0qhQpOJ3IE1t6MumBQfYeWwWzNiZrVzg8lehAsq9yfYLyBR3HCK63tvfAGhFRKzvMcASnfiojsE3uVNGhsURGTNARWTNMuKI_9o9a0Y9KSrmudi6fw,,&typo=1">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html</a><br>
<br>
--Chris<br>
<br>
<br>
<o:p></o:p></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:7.5pt 0in 7.5pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif;color:#E43D30">Chris</span></b><b><span style="font-size:1.0pt;font-family:"remialcxesans",serif;color:white"></span></b><b><span style="font-family:"Arial",sans-serif;color:#E43D30"> <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif;color:#E43D30">Gauthier<o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"> Senior Network Engineer<o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#E43D30"> | <o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">Comscore<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:2.25pt 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">t +1 <a href="tel:(503)%20331-2704" target="_blank"><strong><span style="font-family:"Arial",sans-serif;color:#444444;font-weight:normal;text-decoration:none">(503) 331-2704</span></strong></a><o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#E43D30"> | <o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"><a href="mailto:cgauthier@comscore.com" target="_blank"><strong><span style="font-family:"Arial",sans-serif;color:#444444;font-weight:normal;text-decoration:none">cgauthier@comscore.com</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:1.5pt 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444"><a href="http://www.comscore.com/" target="_blank"><strong><span style="font-family:"Arial",sans-serif;color:#0563C1;font-weight:normal;text-decoration:none">comscore.com</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:7.5pt 0in 1.5pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="500" style="width:375.0pt">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#444444">This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other
privilege. If you received this e-mail in error, please delete it from your system and notify sender.<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">-----Original Message-----<br>
From: Scott Granados <scott.granados@gmail.com><br>
Date: Friday, July 12, 2019 at 11:44 AM<br>
To: john heasley <heas@shrubbery.net><br>
Cc: "Gauthier, Chris" <cgauthier@comscore.com>, "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net><br>
Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup<br>
<br>
It’s not XML, it’s JSUN if I understand where you’re going with this.<br>
<br>
>From exec mode<br>
Set cli config-output-format default<br>
<br>
Also other variables here can be set for set form andother formats which you can select and display with a ? In the config-output-format parameter field.<br>
<br>
Thanks<br>
<br>
<br>
> On Jul 12, 2019, at 2:20 PM, john heasley <heas@shrubbery.net> wrote:<br>
> <br>
> Fri, Jul 12, 2019 at 06:15:39PM +0000, Gauthier, Chris:<br>
>> Rancid configs for PAN can NOT be used to restore the config, unless you cut and paste the configuration. This is because the native config files are stored in XML format and that is the format the Palo Alto utilities expect when performing restorations.<br>
>> <br>
> <br>
> so, store both in rancid. what is the cmd to retrieve the xml format?<br>
> <br>
> _______________________________________________<br>
> Rancid-discuss mailing list<br>
> Rancid-discuss@shrubbery.net<br>
> https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.shrubbery.net%2fmailman%2flistinfo%2francid-discuss&c=E,1,sOD-u4Fb7FVnpwIC-I0Noqe21OYAOvq8QodxcvUVO6-_RwELL2hG9BvQdat-eHRfzF59pW8ydxDEwG45J8a3oI9ghdsNO9UKZn3Kwl9xyPeaQm2MlpRKXQLW2A,,&typo=1<br>
<br>
<o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>