Load a Partial Configuration into Another Configuration Using Xpath
- Find the xpath values to use to load the partial configuration.
- Log in to the web interface on the device and go to the following URL:https://<device-ip-address>/api
- SelectConfiguration Commands.
- Drill down until you find the configuration object you want to load from one configuration to another.For example, to find the application group xpath on a multi-vsys firewall, you would select. After you drill down to the node you want to load, make note of the XPath that is displayed in the text box.Configuration Commandsdeviceslocalhost.localdomainvsys > <vsys-name>application-groupYou can also find the xpath from the CLI debug mode (use the operational mode commanddebug mode onto enable this), and then enter the configuration modeshowcommand that shows the object you are interested in copying. For example, to see the xpath for the application object configuration in vsys1, you would enter theshow vsys vsys1 applicationcommand. Look for the section of the output that begins with<requestcmd="get" obj=". This signals the beginning of the xpath. In the following example, the highlighted section is the xpath for the application objects in vsys1:admin@PA-3060#show vsys vsys1 application(container-tag: vsys container-tag: entry key-tag: name value: vsys1 container-tag: application) ((eol-matched: . #t) (eol-matched: . #t) (eol-matched: . #t) (xpath-prefix: . /config/devices/entry[@name='localhost.localdomain']) (context-inserted-at-end-p: . #f)) /usr/local/bin/pan_ms_client --config-mode=default --set-prefix='set vsys vsys1 ' --cookie=2588252477840140 <<'EOF' |/usr/bin/less -X -E -M <request cmd="get" obj="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application"></request> EOF
- After you find the xpath for the node you want to load, identify the appropriate from- and to- Xpath Location Formats Determined by Device Configuration to load the partial configuration.
- Use theload config partialcommand to copy sections of the configuration you just imported. For example, you would use the following command to load the application filters you configured on fw1 from a saved configuration file, fw1-config.xml, you imported from fw1 (a single-vsys firewall) to vsys3 on fw2. Notice that even though fw1 does not have multiple virtual system support, the xpath still points to the vsys1 (the default vsys ID on single-vsys firewalls):admin@fw2#load config partial mode merge from-xpath devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application-filter to-xpath/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys3']/application-filter from fw1-config.xmlThe quotation marks around the hostname and the vsys name (if applicable) must be neutral. The command will fail if there are opened or closed quotation marks.
Recommended For You
Recommended videos not found.