![]() |
|
Document:Panorama™ Administrator’s Guide
Manage Panorama and Firewall Configuration Backups
Last Updated:
Thu May 07 10:13:53 PDT 2020
Table of Contents
Search the Table of Contents
-
- About Panorama
- Panorama Platforms
- Centralized Configuration and Deployment Management
- Context Switch—Firewall or Panorama
- Templates and Template Stacks
- Device Groups
- Centralized Logging and Reporting
- Panorama Commit and Validation Operations
- Role-Based Access Control
- Panorama Recommended Deployments
- Plan Your Deployment
- Deploy Panorama: Task Overview
-
- Determine Panorama Log Storage Requirements
- Set Up the Panorama Virtual Appliance
- Setup Prerequisites for the Panorama Virtual Appliance
- Install the Panorama Virtual Appliance
- Perform Initial Configuration of the Panorama Virtual Appliance
- Expand Log Storage Capacity on the Panorama Virtual Appliance
- Increase CPUs and Memory on the Panorama Virtual Appliance
- Complete the Panorama Virtual Appliance Setup
- Set Up the M-Series Appliance
- Perform Initial Configuration of the M-Series Appliance
- Set up the M-Series Appliance as a Log Collector
- Increase Storage on the M-Series Appliance
- Register Panorama and Install Licenses
- Install Content and Software Updates for Panorama
- Transition to a Different Panorama Platform
- Migrate from a Panorama Virtual Appliance to an M-Series Appliance
- Migrate from an M-Series Appliance to a Panorama Virtual Appliance
- Migrate from an M-100 Appliance to an M-500 Appliance
- Access and Navigate Panorama Management Interfaces
- Log in to the Panorama Web Interface
- Navigate the Panorama Web Interface
- Log in to the Panorama CLI
- Set Up Administrative Access to Panorama
- Configure an Admin Role Profile
- Configure an Access Domain
- Configure Administrative Accounts and Authentication
- Configure an Administrative Account
- Configure an Administrator with Kerberos SSO, External, or Local Authentication
- Configure an Administrator with Certificate-Based Authentication for the Web Interface
- Configure an Administrator with SSH Key-Based Authentication for the CLI
- Configure RADIUS Vendor-Specific Attributes for Administrator Authentication
-
- Add a Firewall as a Managed Device
- Manage Device Groups
- Add a Device Group
- Create a Device Group Hierarchy
- Create Objects for Use in Shared or Device Group Policy
- Revert to Inherited Object Values
- Manage Unused Shared Objects
- Manage Precedence of Inherited Objects
- Move or Clone a Policy Rule or Object to a Different Device Group
- Select a URL Filtering Vendor on Panorama
- Push a Policy Rule to a Subset of Firewalls
- Manage the Rule Hierarchy
- Manage Templates and Template Stacks
- Template Capabilities and Exceptions
- Add a Template
- Configure a Template Stack
- Override a Template Setting
- Disable/Remove Template Settings
- Transition a Firewall to Panorama Management
- Use Case: Configure Firewalls Using Panorama
-
- Configure a Managed Collector
- Manage Collector Groups
- Configure a Collector Group
- Move a Log Collector to a Different Collector Group
- Remove a Firewall from a Collector Group
- Configure Log Forwarding to Panorama
- Verify Log Forwarding to Panorama
- Modify Log Forwarding and Buffering Defaults
- Configure Log Forwarding from Panorama to External Destinations
- Log Collection Deployments
- Deploy Panorama with Dedicated Log Collectors
- Deploy Panorama with Default Log Collectors
- Deploy Panorama Virtual Appliances with Local Log Collection
-
- Manage Licenses on Firewalls Using Panorama
- Deploy Updates to Firewalls and Log Collectors Using Panorama
- Supported Updates
- Schedule a Content Update Using Panorama
- Deploy an Update to Log Collectors when Panorama is Internet-connected
- Deploy an Update to Log Collectors when Panorama is not Internet-connected
- Deploy an Update to Firewalls when Panorama is Internet-connected
- Deploy an Update to Firewalls when Panorama is not Internet-connected
-
- Panorama HA Prerequisites
- Priority and Failover on Panorama in HA
- Failover Triggers
- Logging Considerations in Panorama HA
- Synchronization Between Panorama HA Peers
- Manage a Panorama HA Pair
- Set Up HA on Panorama
- Test Panorama HA Failover
- Switch Priority after Panorama Failover to Resume NFS Logging
- Restore the Primary Panorama to the Active State
-
- Preview, Validate, or Commit Configuration Changes
- Manage Panorama and Firewall Configuration Backups
- Schedule Export of Configuration Files
- Back Up Panorama and Firewall Configurations
- Restore a Panorama Configuration
- Configure the Maximum Number of Configuration Backups on Panorama
- Load a Configuration Backup on a Managed Firewall
- Compare Changes in Panorama Configurations
- Manage Locks for Restricting Configuration Changes
- Add Custom Logos to Panorama
- Use the Panorama Task Manager
- Manage Storage Quotas and Expiration Periods for Logs and Reports
- Monitor Panorama
- Reboot or Shut Down Panorama
- Configure Panorama Password Profiles and Complexity
-
- Troubleshoot Panorama System Issues
- Generate Diagnostic Files for Panorama
- Diagnose Panorama Suspended State
- Monitor the File System Integrity Check
- Manage Panorama Storage for Software and Content Updates
- Recover from Split Brain in Panorama HA Deployments
- Troubleshoot Log Storage and Connection Issues
- Verify Panorama Port Usage
- Resolve Zero Log Storage for a Collector Group
- Replace a Failed Disk on an M-Series Appliance
- Replace the Virtual Disk on an ESXi Server
- Replace the Virtual Disk on vCloud Air
- Migrate Logs to a New M-Series Appliance in Log Collector Mode
- Migrate Logs to a New M-Series Appliance in Panorama Mode
- Migrate Log Collectors after Failure/RMA of Non-HA Panorama
- Regenerate Metadata for M-Series Appliance RAID Pairs
- Replace an RMA Firewall
- Troubleshoot Commit Failures
- Troubleshoot Registration or Serial Number Errors
- Troubleshoot Reporting Errors
- View Task Success or Failure Status
The running configuration on Panorama comprises all the settings that you have committed and that are therefore active. The candidate configuration is a copy of the running configuration plus any inactive changes that you made since the last commit. Backing up versions of the running or candidate configuration enables you to later restore those versions. For example, if a commit validation shows that the current candidate configuration has more errors than you want to fix, you can restore a previous candidate configuration or revert to the running configuration.
After a commit on a local firewall that runs PAN-OS 5.0 or later, a backup is sent of its running configuration to Panorama. Any commits performed on the local firewall will trigger the backup, including commits that an administrator performs locally on the firewall or automatic commits that PAN-OS initiates (such as an FQDN refresh). By default, Panorama stores up to 100 backups for each firewall, though this is configurable. To store Panorama and firewall configuration backups on an external host, you can schedule exports from Panorama or export on demand. You can also import configurations from firewalls into Panorama device groups and templates to
Transition a Firewall to Panorama Management .