Wednesday, 7 August 2024

backup config on palo alto

There are a few options:

  • Panorama (I don't use it)
  • API call with curl
  • Cattools

API with curl

https://smartnets.wordpress.com/2017/06/06/automated-configuration-backup-of-palo-alto-firewalls-without-using-a-panorama/


Create an admin role / profile for an api-user, only give read/api access, no web gui access.

Create an api-user, set password and set profile to admin role > api-profile

Generate API key for that user:

curl -k "https://FIREWALL_IP/api/?type=keygen&user=api-user&password=api-password"

Save your key somewhere safe

You can download config via

curl -k -o running-config.xml "https://$FIREWALL_IP/api/type=export&category=configuration&key=$API_KEY"


Cattools

It's also possible to use kiwi cat tools to download the config but it gives it to you in the command/set format. I'm not sure if this can be restored as easy but I will look into it.

Create you device

  • Choose palo alto, palo alto FW
  • Name
  • IP
  • Direct connect
  • SSH
  • port 22

On passwords tab, fill in

  • SSH username
  • SSH Password
  • Tick initial login requires username/password

Leave prompts tab blank

Run a test backup on just this device with debug logging enabled

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)