: Schedule Export of Configuration Files
Focus
Focus

Schedule Export of Configuration Files

Table of Contents

Schedule Export of Configuration Files

Panorama saves a backup of its running configuration as well as the running configurations of all managed firewalls. The backups are in XML format with file names that are based on serial numbers (of Panorama or the firewalls). Use these instructions to schedule daily exports of the backups to a remote host. Panorama exports the backups as a single gzip file. You require superuser privileges to schedule the export.
If Panorama has a high availability (HA) configuration, you must perform these instructions on each peer to ensure the scheduled exports continue after a failover. Panorama does not synchronize scheduled configuration exports between HA peers.
  1. (
    RHEL Server version 8.3 only
    ) Verify that for your RHEL server running version 8.3, set the
    ChallengeResponseAuthentication
    setting is
    no
    within the
    sshd_config
    file.
    Update to
    no
    if needed and then restart the SSH daemon. This setting is required to export configuration files to your RHEL server running version 8.3.
  2. Select
    Panorama
    Scheduled Config Export
    and click
    Add
    .
  3. Enter a
    Name
    and
    Description
    for the scheduled file export and
    Enable
    it.
  4. Using the 24-hour clock format, enter a daily
    Scheduled Export Start Time
    or select one from the drop-down.
    If you are configuring a scheduled export to two or more servers, stagger the start time of the scheduled exports. Scheduling multiple exports at the same start time results in discrepancies between the exported configurations.
  5. Set the export
    Protocol
    to Secure Copy (
    SCP
    ) or File Transfer Protocol (
    FTP
    ).
    Export to devices running Windows support only
    FTP
    .
  6. Enter the details for accessing the server, including:
    Hostname
    or IP address,
    Port
    ,
    Path
    for uploading the file,
    Username
    , and
    Password
    .
    The
    Path
    supports the following characters:
    .
    (period),
    +
    ,
    {
    and
    }
    ,
    /
    ,
    -
    ,
    _
    ,
    0
    -
    9
    ,
    a
    -
    z
    , and
    A
    -
    Z
    . Spaces are not supported in the file
    Path
    .
    If you are exporting to an FTP server using an IPv6 address as the
    Hostname
    , you must enter the address enclosed in square brackets ([ ]). For example,
    [2001:0db8:0000:0000:0000:8a2e:0370:7334]
    .
    If you are exporting to a BSD server, you will need to modify the SSHD password prompt to
    <username>@<hostname> <password>:
    .
  7. (
    SCP only
    ) Click
    Test SCP server connection
    . To enable the secure transfer of data, you must verify and accept the host key of the SCP server. Panorama doesn’t establish the connection until you accept the host key. If Panorama has an HA configuration, perform this step on each HA peer so that each one accepts the host key of the SCP server. If Panorama can successfully connect to the SCP server, it creates and uploads the test file named
    ssh-export-test.txt
    .
    (
    PAN-OS 9.1.16 and later releases
    ) A pop-up window is displayed requiring you to enter a clear text
    Password
    and then to
    Confirm Password
    in order to test the SCP server connection and enable the secure transfer of data.
    Panorama does not establish and test the SCP server connection until you enter and confirm the SCP server password. If Panorama has an HA configuration, perform this step on each HA peer so that each one can successfully connect to the SCP server. If Panorama can successfully connect to the SCP server, it creates and uploads the test file named
    ssh-export-test.txt
    .
  8. Click
    OK
    to save your changes.
  9. Select
    Commit
    Commit to Panorama
    and
    Commit
    your changes.

Recommended For You