Save Candidate Configurations
Table of Contents
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > GTP Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Device Block List
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Scheduled Config Export
End-of-Life (EoL)
Save Candidate Configurations
Select ConfigSave Changes at the top right
of the firewall or Panorama web interface to save a new snapshot
file of the candidate configuration or to overwrite an existing configuration
file. If the firewall or Panorama reboots before you commit your
changes, you can then revert the candidate configuration to the
saved snapshot to restore changes you made after the last commit.
To revert to the snapshot, select DeviceSetupOperations and Load
named configuration snapshot. If you don’t revert to
the snapshot after a reboot, the candidate configuration will be
the same as the last committed configuration (the running configuration).
You can filter which configuration changes to save based on administrator
or location. The location can be specific virtual systems,
shared policies and objects, or shared device and network settings.
You should periodically save your changes
so that you don’t lose them if the firewall or Panorama reboots.
Saving your changes to the candidate configuration does
not activate those changes; you must Commit
Changes to activate them.
The Save Changes dialog displays the options described in the
following table:
Field/Button | Description |
---|---|
Save All Changes | Saves all changes for which you have administrative privileges
(default). You cannot manually filter the scope of the configuration
changes that the firewall saves when you select this option. Instead,
the administrator role assigned to the account you used to log in
determines the save scope:
If
you have implemented access domains, the firewall automatically
applies those domains to filter the save scope (see Device
> Access Domain). Regardless of your administrative role,
the firewall saves only the configuration changes in the access
domains assigned to your account. |
Save Changes Made
By | Filters the scope of the configuration changes
the firewall saves. The administrative role assigned to the account you
used to log in determines your filtering options:
Filter
the save scope as follows:
If you have implemented access domains,
the firewall automatically filters the save scope based on those
domains (see Device
> Access Domain). Regardless of your administrative role
and your filtering choices, the save scope includes only the configuration
changes in the access domains assigned to your account. |
Save Scope | Lists the locations that have changes to
save. Whether the list includes all changes or a subset of the changes depends
on several factors, as described for the Save
All Changes and Save
Changes Made By options. The locations can be any of the
following:
|
Location Type | This column categorizes the locations where
the changes were made:
|
Include in Save (Partial save only) | Enables you to select the changes you want
to save. By default, all changes within the Save Scope are
selected. This column displays only after you choose to Save
Changes Made By specific administrators. There
might be dependencies that affect the changes you include in a save.
For example, if you add an object and another administrator then
edits that object, you cannot save the change for the other administrator
without also saving your own change. |
Group by Location Type | Groups the list of configuration changes
in the Save Scope by Location
Type. |
Preview Changes | Enables you to compare the configurations
you selected in the Save Scope to the running
configuration. The preview window uses color coding to indicate
which changes are additions (green), modifications (yellow), or
deletions (red). To help you match the changes to sections
of the web interface, you can configure the preview window to display Lines
of Context before and after each change. These lines
are from the files of the candidate and running configurations that
you are comparing. Because the preview results display in
a new window, your browser must allow pop-up windows. If the preview
window does not open, refer to your browser documentation for the
steps to unblock pop-up windows. |
Change Summary | Lists the individual settings for which
you are saving changes. The Change Summary list
displays the following information for each setting:
Optionally,
you can Group By column name (such as Type). |
Save | Saves the selected changes to a configuration snapshot
file:
|