[rancid] Restore a Palo Alto Firewall from a Rancid bacup

Gauthier, Chris cgauthier at comscore.com
Fri Jul 12 18:56:35 UTC 2019


Exported config files are in XML format.  Here is a link to the documentation.  Nowhere in their documentation does it reference using JSON as the format for import/export.

Also, Palo Alto has a "scheduled export" facility, especially if you are using Panorama.  We use RANCiD to track the changes more than anything, but use the utility to auto-export configs.

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html

--Chris




Chris Gauthier Senior Network Engineer | Comscore
t +1 (503) 331-2704 | 
cgauthier at comscore.com
comscore.com
​​​This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete it from your system and notify sender.
-----Original Message-----
From: Scott Granados <scott.granados at gmail.com>
Date: Friday, July 12, 2019 at 11:44 AM
To: john heasley <heas at shrubbery.net>
Cc: "Gauthier, Chris" <cgauthier at comscore.com>, "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup

It’s not XML, it’s JSUN if I understand where you’re going with this.

>From exec mode
Set cli config-output-format default

Also other variables here can be set for set form andother formats which you can select and display with a ? In the config-output-format parameter field.

Thanks


> On Jul 12, 2019, at 2:20 PM, john heasley <heas at shrubbery.net> wrote:
> 
> Fri, Jul 12, 2019 at 06:15:39PM +0000, Gauthier, Chris:
>> Rancid configs for PAN can NOT be used to restore the config, unless you cut and paste the configuration.  This is because the native config files are stored in XML format and that is the format the Palo Alto utilities expect when performing restorations.
>> 
> 
> so, store both in rancid.  what is the cmd to retrieve the xml format?
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.shrubbery.net%2fmailman%2flistinfo%2francid-discuss&c=E,1,sOD-u4Fb7FVnpwIC-I0Noqe21OYAOvq8QodxcvUVO6-_RwELL2hG9BvQdat-eHRfzF59pW8ydxDEwG45J8a3oI9ghdsNO9UKZn3Kwl9xyPeaQm2MlpRKXQLW2A,,&typo=1


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20190712/ed19331d/attachment.html>


More information about the Rancid-discuss mailing list