Bootstrap Configuration Files

The bootstrap package must include the basic configuration contained in the init-cfg.txt file in the /config folder; the complete configuration (contained in bootstrap.xml file in the /config folder) is optional. When you include both files in the bootstrap package, the firewall merges the configurations of those files and, if any configuration settings overlap between the two files, the firewall uses the setting defined in the init-cfg.txt file.
  • Basic Configuration—The init-cfg.txt file is a text file that contains basic initial configuration information. You can name this file generically as init-cfg.txt, or you can prepend the UUID or Serial number of each firewall to the filename to be more specific (for example: 0008C100105-init-cfg.txt). This file must include basic information for configuring the management interface on the firewall, such as the IP address type (static or DHCP), IP address (IPv4 only or both IPv4 and IPv6), netmask, and default gateway. The DNS server IP address, Panorama IP address and device group and template stack parameters are optional. When the firewall boots, it searches for a text file that matches its UUID or serial number and, if none is found, it searches using the generic filename. For a sample file, see Create the init-cfg.txt File.
    If you are using Panorama to manage your bootstrapped VM-Series firewalls:
    • You must generate a VM auth key on Panorama and include the key in the init-cfg.txt file. For more information, see Generate the VM Auth Key on Panorama.
    • The Panorama appliance that manages the firewalls must be in Panorama mode. If you use a Panorama appliance in Management-Only mode, firewall logs will be dropped because Panorama in Management-Only mode does not have a Log Collector Group that can store firewall logs.
  • Complete Configuration—The bootstrap.xml file allows you to fully configure the firewall. The bootstrap.xml file is optional. If you are not using Panorama to centrally manage your firewalls, the bootstrap.xml file provides a way to automate the process of deploying firewalls that are configured at launch. You can either define this manually or export the running configuration from an existing firewall and save the file as
    bootstrap.xml
    .
    If you include the bootstrap.xml file, make sure to export the XML file from a firewall of the same platform or hypervisor. If you provide the init-cfg.txt file and the bootstrap.xml file, the firewall merges the files into a running configuration as part of the bootstrap process and, if any settings overlap, the firewall will use the setting from the basic configuration file. See Create the bootstrap.xml File.

Related Documentation