The running configuration on Panorama comprises all the settings that you have committed and that are therefore active. The candidate configuration is a copy of the running configuration plus any inactive changes that you made since the last commit. Backing up versions of the running or candidate configuration enables you to later restore those versions. For example, if a commit validation shows that the current candidate configuration has more errors than you want to fix, you can restore a previous candidate configuration or revert to the running configuration.
|
|
After a commit on a local firewall that runs PAN-OS 5.0 or later, a backup is sent of its running configuration to Panorama. Any commits performed on the local firewall will trigger the backup, including commits that an administrator performs locally on the firewall or automatic commits that PAN-OS initiates (such as an FQDN refresh). By default, Panorama stores up to 100 backups for each firewall, though this is configurable. To store Panorama and firewall configuration backups on an external host, you can schedule exports from Panorama or export on demand. You can also import configurations from firewalls into Panorama device groups and templates to
Transition a Firewall to Panorama Management .
