Save and Export Firewall Configurations
Saving a backup of the candidate configuration to persistent storage on the firewall enables you to later revert to that backup (see Revert Firewall Configuration Changes). This is useful for preserving changes that would otherwise be lost if a system event or administrator action causes the firewall to reboot. After rebooting, PAN-OS automatically reverts to the current version of the running configuration, which the firewall stores in a file named running-config.xml. Saving backups is also useful if you want to revert to a firewall configuration that is earlier than the current running configuration. The firewall does not automatically save the candidate configuration to persistent storage. You must manually save the candidate configuration as a default snapshot file (.snapshot.xml) or as a custom-named snapshot file. The firewall stores the snapshot file locally but you can export it to an external host.
You don’t have to save a configuration backup to revert the changes made since the last commit or reboot; just select ConfigRevert Changes (see Revert Firewall Configuration Changes).
When you edit a setting and click OK, the firewall updates the candidate configuration but does not save a backup snapshot.
Additionally, saving changes does not activate them. To activate changes, perform a commit (see Commit, Validate, and Preview Firewall Configuration Changes).
Palo Alto Networks recommends that you back up any important configuration to a host external to the firewall.
- Save a local backup snapshot of the candidate
configuration if it contains changes that you want to preserve in
the event the firewall reboots.These are changes you are not ready to commit—for example, changes you cannot finish in the current login session.To overwrite the default snapshot file (.snapshot.xml) with all the changes that all administrators made, perform one of the following steps:
To create a snapshot that includes all the changes that all administrators made but without overwriting the default snapshot file:
- Select DeviceSetupOperations and Save candidate configuration.
- Log in to the firewall with an administrative account that is assigned the Superuser role or an Admin Role profile with the Save For Other Admins privilege enabled. Then select ConfigSave Changes at the top of the web interface, select Save All Changes and Save.
To save only specific changes to the candidate configuration without overwriting any part of the default snapshot file:
- Select DeviceSetupOperations and Save named configuration snapshot.
- Specify the Name of a new or existing configuration file.
- Click OK and Close.
- Log in to the firewall with an administrative account that has the role privileges required to save the desired changes.
- Select ConfigSave Changes at the top of the web interface.
- Select Save Changes Made By.
- To filter the Save Scope by administrator, click <administrator-name>, select the administrators, and click OK.
- To filter the Save Scope by location, clear any locations that you want to exclude. The locations can be specific virtual systems, shared policies and objects, or shared device and network settings.
- Click Save, specify the Name of a new or existing configuration file, and click OK.
- Export a candidate configuration, a running configuration,
or the firewall state information to a host external to the firewall.Select DeviceSetupOperations and click an export option:
- Export named configuration snapshot—Export the current running configuration, a named candidate configuration snapshot, or a previously imported configuration (candidate or running). The firewall exports the configuration as an XML file with the Name you specify.
- Export configuration version—Select a Version of the running configuration to export as an XML file. The firewall creates a version whenever you commit configuration changes.
- Export device state—Export the firewall state information as a bundle. Besides the running configuration, the state information includes device group and template settings pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate information, a list of satellites, and satellite authentication information. If you replace a firewall or portal, you can restore the exported information on the replacement by importing the state bundle.
Save and Export Panorama and Firewall Configurations
Save and Export Panorama and Firewall Configurations Saving a backup of the candidate configuration to persistent storage on Panorama enables you to later restore that ...
Revert Firewall Configuration Changes
Revert Firewall Configuration Changes Revert operations replace settings in the current candidate configuration with settings from another configuration. Reverting changes is useful when you want ...
Device > Setup > Operations
Device > Setup > Operations You can perform the following tasks to manage the running and candidate configurations of the firewall and Panorama™. If you’re ...
Revert Panorama Configuration Changes
Revert Panorama Configuration Changes When you revert changes, you are replacing settings in the current candidate configuration with settings from another configuration. Reverting changes is ...
Manage Configuration Backups
Manage Configuration Backups The running configuration on the firewall comprises all settings you have committed and that are therefore active, such as policy rules that ...
Save Candidate Configurations
Save Candidate Configurations Select Config Save Changes at the top right of the firewall or Panorama web interface to save a new snapshot file of ...
Manage Panorama and Firewall Configuration Backups
Manage Panorama and Firewall Configuration Backups The running configuration on Panorama comprises all the settings that you have committed and that are therefore active. The ...
Load a Configuration Backup on a Managed Firewall
Load a Configuration Backup on a Managed Firewall Use Panorama to load a configuration backup on a managed firewall. You can choose to revert to ...
Downgrade a Firewall to a Previous Feature Release
Downgrade a Firewall to a Previous Feature Release Use the following workflow to restore the configuration that was running before you upgraded to a different ...