We haven’t bothered with Panorama much because unlike the firewalls themselves the Panorama interface is very poor with screen readers and other accessibility technologies used.
In AWS we do a lot of exporting of configs and use S3 to bootstrap the virtual appliances so there may be a difference in what I’m working with. We can edit the configs in S3 and they an be automatically imported or grabbed on boot. On the hardware though I thought it was selectable. I’ll review the link you sent, thank you. Just queried my PA and the choices I have to export or import configs are JSUN, XML, SET or Default which looks like JSUN to me so not sure why that’s duplicated. I am just setting the CLI variable I assume you’re using a different mechanism that’s different. Thanks If you’re connecting via SSH and pulling the config I don’t see why you couldn’t set it to what ever format you wanted and then push with the correct flag set at the head of the request. > On Jul 12, 2019, at 2:56 PM, Gauthier, Chris <cgauth...@comscore.com> wrote: > > Exported config files are in XML format. Here is a link to the documentation. > Nowhere in their documentation does it reference using JSON as the format for > import/export. > > Also, Palo Alto has a "scheduled export" facility, especially if you are > using Panorama. We use RANCiD to track the changes more than anything, but > use the utility to auto-export configs. > > https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html > > --Chris > > > > > Chris Gauthier Senior Network Engineer | Comscore > t +1 (503) 331-2704 <tel:(503)%20331-2704> | > cgauth...@comscore.com <mailto:cgauth...@comscore.com> > comscore.com <http://www.comscore.com/> > This e-mail (including any attachments) may contain information that is > private, confidential, or protected by attorney-client or other privilege. If > you received this e-mail in error, please delete it from your system and > notify sender. > -----Original Message----- > From: Scott Granados <scott.grana...@gmail.com> > Date: Friday, July 12, 2019 at 11:44 AM > To: john heasley <h...@shrubbery.net> > Cc: "Gauthier, Chris" <cgauth...@comscore.com>, > "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net> > Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid bacup > > It’s not XML, it’s JSUN if I understand where you’re going with this. > > From exec mode > Set cli config-output-format default > > Also other variables here can be set for set form andother formats which you > can select and display with a ? In the config-output-format parameter field. > > Thanks > > > > On Jul 12, 2019, at 2:20 PM, john heasley <h...@shrubbery.net> wrote: > > > > Fri, Jul 12, 2019 at 06:15:39PM +0000, Gauthier, Chris: > >> Rancid configs for PAN can NOT be used to restore the config, unless you > >> cut and paste the configuration. This is because the native config files > >> are stored in XML format and that is the format the Palo Alto utilities > >> expect when performing restorations. > >> > > > > so, store both in rancid. what is the cmd to retrieve the xml format? > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss@shrubbery.net > > https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.shrubbery.net%2fmailman%2flistinfo%2francid-discuss&c=E,1,sOD-u4Fb7FVnpwIC-I0Noqe21OYAOvq8QodxcvUVO6-_RwELL2hG9BvQdat-eHRfzF59pW8ydxDEwG45J8a3oI9ghdsNO9UKZn3Kwl9xyPeaQm2MlpRKXQLW2A,,&typo=1 > >
_______________________________________________ Rancid-discuss mailing list Rancid-discuss@shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss
