Palo Alto Networks

From wikieduonline
Jump to navigation Jump to search

All Palo Alto Networks firewalls provide an out-of-band management port (MGT) that you can use to perform the firewall administration functions. By using the MGT port, you separate the management functions of the firewall from the data processing functions, safeguarding access to the firewall and enhancing performance

Manage Configuration Backups

The candidate configuration is a copy of the running configuration plus any inactive changes that you made after the last commit. Backing up versions of the running or candidate configuration enables you to later restore those versions on the firewall.

Back Up a Configuration

Creating configuration backups enables you to later Restore a Configuration. This is useful when you want to revert the firewall to all the settings of an earlier configuration because you can perform the restoration as a single operation instead of manually reconfiguring each setting in the current configuration.

Note: When you edit a setting and click OK, the firewall updates the candidate configuration but does not save a backup snapshot.

STEP 1

Save a local backup snapshot of the candidate configuration if it contains changes that you want to preserve in the event the firewall reboots. These are changes you are not ready to commit—for example, changes you cannot finish in the current login session.

Perform one of the following tasks based on whether you want to overwrite the default snapshot (.snapshot.xml) or create a snapshot with a custom name:

1. Overwrite the default snapshot—Click Save at the top of the web interface.

2. Create a custom-named snapshot:

  • Select Device > Setup > Operations and Save named configuration snapshot.
  • Enter a Name for the snapshot or select an existing snapshot to overwrite.
  • Click OK and Close.

STEP 2

Export a candidate configuration, a running configuration, or the firewall state information to a host external to the firewall.

Select Device > Setup > Operations and click an export option:

Export named configuration snapshot —Export the current running configuration, a named candidate configuration snapshot, or a previously imported configuration (candidate or running). The firewall exports the configuration as an XML file with the Name you specify.

Export configuration version —Select a Version of the running configuration to export as an XML file. The firewall creates a version whenever you commit configuration changes.

Export device state —Export the firewall state information as a bundle. Besides the running configuration, the state information includes device group and template settings pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate information, a list of satellites, and satellite authentication information. If you replace a firewall or portal, you can restore the exported information on the replacement by importing the state bundle.

Restore a Configuration

This is useful when you want to revert all firewall settings used in an earlier configuration; you can perform this restoration as a single operation instead of manually reconfiguring each setting in the current configuration.

The firewall automatically saves a new version of the running configuration whenever you commit changes and you can restore any of those versions. However, you must manually save a candidate configuration to later restore it.

1. Restore the current running configuration. This operation undoes all the changes you made to the candidate configuration since the last commit.

  • Select Device > Setup > Operations and Revert to running configuration.
  • Click Yes to confirm the operation.

2. Restore the default snapshot of the candidate configuration. This is the snapshot that you create or overwrite when you click Save at the top right of the web interface.

  • Select Device > Setup > Operations and Revert to last saved configuration.
  • Click Yes to confirm the operation.
  • (Optional) Click Commit to overwrite the running configuration with the snapshot.

3. Restore a previous version of the running configuration that is stored on the firewall. The firewall creates a version whenever you commit configuration changes.

  • Select Device > Setup > Operations and Load configuration version.
  • Select a configuration Version and click OK.
  • (Optional) Click Commit to overwrite the running configuration with the version you just restored.

4. Restore one of the following: 5. Current running configuration (named running-config.xml) 6. Custom-named version of the running configuration that you previously imported 7. Custom-named candidate configuration snapshot (instead of the default snapshot)

  • Select Device > Setup > Operations and click Load named configuration snapshot.
  • Select the snapshot Name and click OK.
  • (Optional) Click Commit to overwrite the running configuration with the snapshot.

8. Restore a running or candidate configuration that you previously exported to an external host.

  • Select Device > Setup > Operations, click Import named configuration snapshot, Browse to the

configuration file on the external host, and click OK.

  • Click Load named configuration snapshot, select the Name of the configuration file you just imported, and click OK.
  • (Optional) Click Commit to overwrite the running configuration with the snapshot you just imported.

9. Restore state information that you exported from a firewall. Besides the running configuration, the state information includes device group and template settings pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate information, a list of satellites, and satellite authentication information. If you replace a firewall or portal, you can restore the information on the replacement by importing the state bundle. Import state information:

  • Select Device > Setup > Operations, click Import device state, Browse to the state bundle, and click OK.
  • (Optional) Click Commit to apply the imported state information to the running configuration.

See also

Advertising: