[rancid] Restore a Palo Alto Firewall from a Rancid bacup
john heasley
heas at shrubbery.net
Mon Jul 15 22:00:30 UTC 2019
Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> On 7/12/19 14:15 , Gauthier, Chris wrote:
> > Rancid configs for PAN can NOT be used to restore the config, unless you
> > cut and paste the configuration. This is because the native config files
> > are stored in XML format and that is the format the Palo Alto utilities
> > expect when performing restorations.
>
> Having recently needed to deal with a bunch of PAs, I ran into that same
> issue and ended up writing a tool (https://github.com/ermuller/bracematch)
> to simplify the process.
>
> RE the other question about Panorama vs device configs, if you're backing
> up your Panorama configuration (which has been fine via Rancid in my
How are you backing the Panorama configuration? is that just another
rancid 'paloalto' target?
> experience) as well as the base config on the device, you don't need to
> backup the merged configuration. And you probably shouldn't pull the
> merged config, for restore purposes, as anything other than the local
> device configuration will come from the Panorama templates once the device
> is replaced. Of course, the merged config might still be convenient to
> save to easily see the complete policy set active on a given box.
>
> -e
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
More information about the Rancid-discuss
mailing list