Secure Copy (SCP) is a convenient way to import and export files onto or off of a Palo Alto Networks device. For, example, you can use SCP to upload a new OS version to a device that does not have Internet access, or you can export a configuration or logs from one device to import on another. The SCP commands require that you have an account (username and password) on the SCP server.
Because the file for the entire log database is too large for an export or import to be practical on the following platforms, they do not support the scp export logdb or scp import logdb commands: Panorama virtual appliance running Panorama 6.0 or later releases, Panorama M-Series appliances (all releases), and PA-7000 Series firewall (all releases).
Export a Saved Configuration from One Firewall and Import it into Another
After you import the saved configuration, you can then Load a Partial Configuration from the first firewall onto the second firewall.
Export and Import Configurations
On the first firewall, save the current configuration to a named configuration snapshot using the save config to <filename> command in configuration mode. For example: admin@PA-fw1# save config to fw1-config
Export the named configuration snapshot and log database to an SCP-enabled server using the scp export command in operational mode. When prompted, enter the password for your SCP server account. admin@fw1> scp export configuration from <named-config-file> to <username@host:path> For an SCP server running on Windows, the destination folder/filename path for both the export and import commands requires a drive letter followed by a colon. For example: admin@fw1> scp export configuration from fw1-config.xml to ccrisp@10.10.10.5: c: /fw-config
Log in to the firewall to which you want to copy the configuration and logs, and then import the configuration snapshot and log database. When prompted, enter the password for your SCP server account. admin@fw2> scp import configuration from <username@host:path_to_named-config-file> For example (on a Windows-based SCP server): admin@fw2> scp import configuration from ccrisp@10.10.10.5: c: /fw-configs/fw1-config.xml
Export and Import a Complete Log Database (logdb)
Import or Export the Log Database
Export a log database to an SCP-enabled server using the scp export command in operational mode. When prompted, enter the password for your SCP server account. admin@fw1> scp export logdb to <username@host:path_to_destination_filename> For an SCP server running on Windows, the destination folder/filename path for both the export and import commands requires a drive letter followed by a colon. For example: admin@fw1> s cp export logdb to ccrisp@10.10.10.5: c: /fw-logs/fw1-logdb
Log in to the firewall on which to import a log database, and then enter the import command. When prompted, enter the password for your SCP server account. admin@fw2> scp import logdb from <username@host:path_to_destination_filename> For example (on a Windows-based SCP server): admin@fw2> scp import logdb from ccrisp@10.10.10.5: c: /fw-logs/fw1-logdb

Related Documentation