Wednesday 7 August 2024

Backup config on Palo Alto

There are a few options:

  • Panorama (I don't use it)
  • API call with curl
  • Cattools

API with curl

https://smartnets.wordpress.com/2017/06/06/automated-configuration-backup-of-palo-alto-firewalls-without-using-a-panorama/


Create an admin role profile for an api-user. Give it only read/API access and no web GUI access.

Create an api-user, set a password, and set its profile to admin role > api-profile.

Generate API key for that user:

curl -k "https://FIREWALL_IP/api/?type=keygen&user=api-user&password=api-password"

Save your key somewhere safe

You can download config via

curl -k -o running-config.xml "https://$FIREWALL_IP/api/?type=export&category=configuration&key=$API_KEY"
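
The two curl steps above as a small backup script, added here as an example and not taken from the original post or the linked article. It checks that the saved file really is a config export rather than an API error document; the function names, the file naming and the assumed shape of the firewall's XML responses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. FIREWALL_IP and API_KEY are the
# same placeholders as in the curl commands above; function names are made up.

# Read a keygen response on stdin and print the key; fail unless status is success.
extract_key() {
    pa_body=$(cat)
    printf '%s\n' "$pa_body" |
        grep -Eq "<response[^>]*status *= *['\"]success['\"]" || return 1
    pa_key=$(printf '%s\n' "$pa_body" | sed -n 's:.*<key>\([^<]*\)</key>.*:\1:p' | head -n 1)
    [ -n "$pa_key" ] || return 1
    printf '%s\n' "$pa_key"
}

# True only if the file is a non-empty config export. curl -o saves whatever
# the firewall returns, so a bad key or URL leaves an error document on disk.
is_config_export() {
    [ -s "$1" ] || return 1
    if grep -Eq "<response[^>]*status *= *['\"]error['\"]" "$1"; then
        return 1
    fi
    grep -q '<config[ >]' "$1"
}

# Download the running config into directory $1 under a timestamped name.
backup_config() {
    pa_dir=${1:-.}
    umask 077   # the export contains password hashes and other secrets
    pa_tmp=$(mktemp "$pa_dir/.pa-backup.XXXXXX") || return 1
    pa_out="$pa_dir/running-config-$(date +%Y%m%d-%H%M%S).xml"
    # Pass the URL through "--config -" (stdin) so the key is not visible in
    # the process list. -k is kept from the post; with the firewall's CA file
    # available, --cacert FILE verifies the certificate instead.
    if printf 'url = "https://%s/api/?type=export&category=configuration&key=%s"\n' \
            "$FIREWALL_IP" "$API_KEY" |
        curl -k --silent --show-error --fail --config - -o "$pa_tmp" &&
        is_config_export "$pa_tmp"; then
        mv "$pa_tmp" "$pa_out" && printf '%s\n' "$pa_out"
    else
        rm -f "$pa_tmp"
        return 1
    fi
}

# Usage: sh pa-backup.sh backup /path/to/backups
if [ "${1:-}" = "backup" ]; then
    backup_config "${2:-.}"
fi
```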


Cattools

It's also possible to use Kiwi CatTools to download the config, but it gives it to you in the command/set format. I'm not sure if this can be restored as easily, but I will look into it.

Create your device

  • Choose palo alto, palo alto FW
  • Name
  • IP
  • Direct connect
  • SSH
  • port 22

On passwords tab, fill in

  • SSH username
  • SSH Password
  • Tick initial login requires username/password

Leave prompts tab blank

Run a test backup on just this device with debug logging enabled

POE standards


POE (802.3af)

POE+ (802.3at)

POE+UPOE (802.3bt)

High power POE (802.3bt)


 https://planetechusa.com/ieee-802-3bt-type-4-hi-poe/


We can see new devices not working or going into low power mode if the POE switch they are plugged into is too old, doesn't support the new standards, or doesn't have enough juice.