1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Administer Panorama
    5. Manage Panorama and Firewall Configuration Backups
    6. Save and Export Panorama and Firewall Configurations

    Save and Export Panorama and Firewall Configurations

    Saving a backup of the candidate configuration to persistent storage on Panorama enables you to later restore that backup (see Revert Panorama Configuration Changes). Additionally, Panorama allows you to save and export the device group, template, and template stack configurations that you specify. This is useful for preserving changes that would otherwise be lost if a system event or administrator action causes Panorama to reboot. After rebooting, Panorama automatically reverts to the current version of the running configuration, which Panorama stores in a file named
    running-config.xml
    . Saving backups is also useful if you want to revert to a Panorama configuration that is earlier than the current running configuration. Panorama does not automatically save the candidate configuration to persistent storage. You must manually save the candidate configuration as a default snapshot file (
    .snapshot.xml
    ) or as a custom-named snapshot file. Panorama stores the snapshot file locally but you can export it to an external host.
    You don’t have to save a configuration backup to revert the changes made since the last commit or reboot; just select
    Config
    Revert Changes
     (see Revert Panorama Configuration Changes).
    Palo Alto Networks recommends that you back up any important configurations to an external host.
    1. Save changes to the candidate configuration.
      • To overwrite the default snapshot file (
        .snapshot.xml
        ) with all the changes that all administrators made, perform one of the following steps:
        • Select
          Panorama
          Setup
          Operations
           and
          Save candidate Panorama configuration
          .
        • Log in to Panorama with an administrative account that is assigned the Superuser role or an Admin Role profile with the
          Save For Other Admins
           privilege enabled. Then select
          Config
          Save Changes
           at the top of the web interface, select
          Save All Changes
           and
          Save
          .
      • To overwrite the default snapshot (
        .snapshot.xml
        ) with changes made by administrators to specific device group, template, or template stack configurations:
        1. Select
          Panorama
          Setup
          Operations
          ,
          Save candidate Panorama configuration
          , and
          Select Device Group & Templates
          .
        2. Select the specific device groups, templates, or template stacks to revert.
        3. Click
          OK
           to confirm the operation.
        4. (
          Optional
          ) Select
          Commit
          Commit to Panorama
           and
          Commit
           your changes to overwrite the running configuration with the snapshot.
      • To create a snapshot that includes all the changes that all administrators made but without overwriting the default snapshot file:
        1. Select
          Panorama
          Setup
          Operations
           and
          Save named Panorama configuration snapshot
          .
        2. Specify the
          Name
           of a new or existing configuration file.
        3. Click
          OK
           and
          Close
          .
      • To save only specific changes to the candidate configuration without overwriting any part of the default snapshot file:
        1. Log in to Panorama with an administrative account that has the role privileges required to save the desired changes.
        2. Select
          Config
          Save Changes
           at the top of the web interface.
        3. Select
          Save Changes Made By
          .
        4. To filter the Save Scope by administrator, click
          <
          administrator-name
          >
          , select the administrators, and click
          OK
          .
        5. To filter the Save Scope by location, clear any locations that you want to exclude. The locations can be specific device groups, templates, Collector Groups, Log Collectors, shared settings, or the Panorama management server.
        6. Click
          Save
          , specify the
          Name
           of a new or existing configuration file, and click
          OK
          .
      • To save a specific device group, template, or template stack configuration:
        1. Select
          Panorama
          Setup
          Operations
          ,
          Save named Panorama configuration snapshot
          , and
          Select Device Group & Templates
          .
        2. Select the specific device groups, templates, or template stacks to save.
        3. Click
          OK
           to confirm the operation.
    2. Export a candidate or running configuration to a host external to Panorama or to a firewall.
      You can schedule daily exports to an SCP or FTP server (see Schedule Export of Configuration Files) or export configurations on demand. To export on demand, select
      Panorama
      Setup
      Operations
       and select one of the following options:
      • Export named Panorama configuration snapshot
        —Export the current running configuration, a named candidate configuration snapshot, or a previously imported configuration (candidate or running). Panorama exports the configuration as an XML file with the
        Name
         you specify.
        Select Device Group & Templates
         to specify the device group, template, or template stack configurations to export.
      • Export Panorama configuration version
        —Select a
        Version
         of the running configuration to export as an XML file.
        Select Device Group & Templates
         to specify the device group, template, or template stack configurations to export as an XML file.
      • Export Panorama and devices config bundle
        —Generate and export the latest version of the running configuration backup of Panorama and of each managed firewall. To automate the process of creating and exporting the configuration bundle daily to a Secure Copy (SCP) or FTP server, see Schedule Export of Configuration Files.
      • Export or push device config bundle
        —After you import a firewall configuration into Panorama, Panorama creates a firewall configuration bundle named <firewall_name>_import.tgz, in which all local policies and objects are removed. You can then
        Export or push device config bundle
         to perform one of the following actions:
        • Push & Commit
           the configuration bundle to the firewall to remove any local configuration from it, enabling you to manage the firewall from Panorama.
        • Export
           the configuration to the firewall without loading it. When you are ready to load the configuration, log in to the firewall CLI and run the configuration mode command
          load device-state
          . This command cleans the firewall in the same way as the
          Push & Commit
           option.
      The full procedure to Transition a Firewall to Panorama Management requires additional steps.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo