<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">We haven’t bothered with Panorama much because unlike the firewalls themselves the Panorama interface is very poor with screen readers and other accessibility technologies used.<div class=""><br class=""></div><div class="">In AWS we do a lot of exporting of configs and use S3 to bootstrap the virtual appliances so there may be a difference in what I’m working with. We can edit the configs in S3 and they an be automatically imported or grabbed on boot. On the hardware though I thought it was selectable. I’ll review the link you sent, thank you.</div><div class=""><br class=""></div><div class=""> Just queried my PA and the choices I have to export or import configs are JSUN, XML, SET or Default which looks like JSUN to me so not sure why that’s duplicated. I am just setting the CLI variable I assume you’re using a different mechanism that’s different.</div><div class=""><br class=""></div><div class="">Thanks</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">If you’re connecting via SSH and pulling the config I don’t see why you couldn’t set it to what ever format you wanted and then push with the correct flag set at the head of the request.</div><div class=""><br class=""></div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jul 12, 2019, at 2:56 PM, Gauthier, Chris <<a href="mailto:cgauthier@comscore.com" class="">cgauthier@comscore.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div class=""><div class="">Exported config files are in XML format. Here is a link to the documentation. Nowhere in their documentation does it reference using JSON as the format for import/export.<br class=""><br class="">Also, Palo Alto has a "scheduled export" facility, especially if you are using Panorama. We use RANCiD to track the changes more than anything, but use the utility to auto-export configs.<br class=""><br class=""><a href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html" class="">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html</a><br class=""><br class="">--Chris<br class=""><br class=""><br class=""><br class=""><div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;" class=""><table cellpadding="0" cellspacing="0" border="0" style="width:100%;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="padding:10px 0;vertical-align:middle;" class=""><table cellpadding="0" cellspacing="0" border="0" style="width:100%;font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#E43D30;font-style:normal;font-weight:400;white-space:nowrap;" class=""><tbody class=""><tr style="font-size:14.67px;" class=""><td align="left" style="vertical-align:top;font-family:Arial;font-weight:700;" class="">Chris<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;" class=""></span> </td><td align="left" style="vertical-align:top;font-family:Arial;font-weight:700;" class="">Gauthier</td><td align="left" style="vertical-align:top;color:#444444;font-family:Arial;" class=""> Senior Network Engineer</td><td align="left" style="vertical-align:top;font-family:Arial;" class=""> | </td><td align="left" style="vertical-align:top;color:#444444;font-family:Arial;" class="">Comscore<br class=""></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="padding:3px 0 0;vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#444444;font-style:normal;font-weight:400;white-space:nowrap;" class=""><tbody class=""><tr style="font-size:14.67px;" class=""><td align="left" style="vertical-align:top;font-family:Arial;" class="">t +1 <a href="tel:(503)%20331-2704" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#444444;" class=""><strong style="font-weight:400;" class="">(503) 331-2704</strong></a></td><td align="left" style="vertical-align:top;color:#E43D30;font-family:Arial;" class=""> | <br class=""></td><td align="left" style="vertical-align:top;font-family:Arial;" class=""><a href="mailto:cgauthier@comscore.com" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#444444;" class=""><strong style="font-weight:400;" class="">cgauthier@comscore.com</strong></a></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="padding:2px 0 0;vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#444444;font-style:normal;font-weight:400;white-space:nowrap;" class=""><tbody class=""><tr style="font-size:14.67px;" class=""><td align="left" style="vertical-align:top;font-family:Arial;" class=""><a href="http://www.comscore.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#0563C1;" class=""><strong style="font-weight:400;" class="">comscore.com</strong></a></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="padding:10px 0 2px;vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;" class=""><tbody class=""><tr style="font-size:0;" class=""><td align="left" style="vertical-align:top;" class=""><table cellpadding="0" cellspacing="0" border="0" style="white-space:normal;color:#444444;font-size:10.67px;font-family:Arial;font-weight:400;font-style:normal;text-align:justify;width:500px;" class=""><tbody class=""><tr style="font-size:10.67px;" class=""><td style="font-family:Arial;" class="">This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender.</td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></div>-----Original Message-----<br class="">From: Scott Granados <scott.granados@gmail.com><br class="">Date: Friday, July 12, 2019 at 11:44 AM<br class="">To: john heasley <heas@shrubbery.net><br class="">Cc: "Gauthier, Chris" <cgauthier@comscore.com>, "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net><br class="">Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup<br class=""><br class="">It’s not XML, it’s JSUN if I understand where you’re going with this.<br class=""><br class="">From exec mode<br class="">Set cli config-output-format default<br class=""><br class="">Also other variables here can be set for set form andother formats which you can select and display with a ? In the config-output-format parameter field.<br class=""><br class="">Thanks<br class=""><br class=""><br class="">> On Jul 12, 2019, at 2:20 PM, john heasley <heas@shrubbery.net> wrote:<br class="">> <br class="">> Fri, Jul 12, 2019 at 06:15:39PM +0000, Gauthier, Chris:<br class="">>> Rancid configs for PAN can NOT be used to restore the config, unless you cut and paste the configuration. This is because the native config files are stored in XML format and that is the format the Palo Alto utilities expect when performing restorations.<br class="">>> <br class="">> <br class="">> so, store both in rancid. what is the cmd to retrieve the xml format?<br class="">> <br class="">> _______________________________________________<br class="">> Rancid-discuss mailing list<br class="">> Rancid-discuss@shrubbery.net<br class="">> https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.shrubbery.net%2fmailman%2flistinfo%2francid-discuss&c=E,1,sOD-u4Fb7FVnpwIC-I0Noqe21OYAOvq8QodxcvUVO6-_RwELL2hG9BvQdat-eHRfzF59pW8ydxDEwG45J8a3oI9ghdsNO9UKZn3Kwl9xyPeaQm2MlpRKXQLW2A,,&typo=1<br class=""><br class=""><br class=""></div></div></div></blockquote></div><br class=""></div></body></html>