[rancid] Restore a Palo Alto Firewall from a Rancid backup
Erik Muller
erikm at buh.org
Fri Jul 12 19:18:34 UTC 2019
On 7/12/19 14:15 , Gauthier, Chris wrote:
> Rancid configs for PAN can NOT be used to restore the config, unless you
> cut and paste the configuration. This is because the native config files
> are stored in XML format and that is the format the Palo Alto utilities
> expect when performing restorations.
Having recently needed to deal with a bunch of PAs, I ran into that same
issue and ended up writing a tool (https://github.com/ermuller/bracematch)
to simplify the process.
RE the other question about Panorama vs device configs, if you're backing
up your Panorama configuration (which has been fine via Rancid in my
experience) as well as the base config on the device, you don't need to
back up the merged configuration. And you probably shouldn't pull the
merged config, for restore purposes, as anything other than the local
device configuration will come from the Panorama templates once the device
is replaced. Of course, the merged config might still be convenient to
save to easily see the complete policy set active on a given box.
-e