ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

Using Netsight to backup Palo Alto firewalls configuration

  • 1.  Using Netsight to backup Palo Alto firewalls configuration

    Posted 01-05-2015 14:08
    Has anyone used Netsight to setup the automatic backup of Palo Alto firewalls configuration files? If so would you be willing to provide setup instructions? Thanks


  • 2.  RE: Using Netsight to backup Palo Alto firewalls configuration

    Posted 01-06-2015 14:29
    Hi,
    We use Inventory Manager to backup PA Firewalls here in corporate.

    This is the script we use copy and paste this into a text. Take these script files save them in a text file and place them in the following path (if using linux based Netsight)
    /NetSight/appdata/InventoryMgr/properties/devicefiles.

    - This script shows how the pre-script and post-script sections of the DeviceFamilyDefinition file can be used.
    -- This is only an example and not intended for use beyond that.
    --
    name="Palo Alto"
    desc="Palo Alto SCP Script"
    separator=UNIX_FILE_SEPARATOR
    --
    -----BEGIN PRE-SCRIPT "Configuration Upload"-----
    Create /root/firmware/images/
    -----END PRE-SCRIPT-----
    -----BEGIN SCRIPT "Configuration Upload"-----
    scp export configuration from running-config.xml to root@IpAddressOfServer:/root/configs/tmp
    @receive 30
    %SCP_PSWD%
    @receive 60
    exit
    -----END SCRIPT-----
    -----BEGIN SUCCESS "Configuration Upload"-----
    100%
    -----END SUCCESS-----
    -----BEGIN POST-SCRIPT "Configuration Upload"-----
    copy /root/configs/tmp/running-config.xml %ABSOLUTE_TARGET_FILE_PATH%
    -----END POST-SCRIPT-----

    At Remote Sites where we do not have a management cable in the P.A Box we use this script.

    name="Palo Alto SCP Remote Site"
    desc="Palo Alto SCP Script for Rmt Site no management"
    separator=UNIX_FILE_SEPARATOR
    --
    -----BEGIN PRE-SCRIPT "Configuration Upload"-----
    Create /root/firmware/images/
    -----END PRE-SCRIPT-----
    -----BEGIN SCRIPT "Configuration Upload"-----
    scp export configuration source-ip %DEVICEIP% to root@IpAddressOfServer:/root/configs/tmp from running-config.xml
    @receive 30
    %SCP_PSWD%
    @receive 60
    exit
    -----END SCRIPT-----
    -----BEGIN SUCCESS "Configuration Upload"-----
    100%
    -----END SUCCESS-----
    -----BEGIN POST-SCRIPT "Configuration Upload"-----
    copy /root/configs/tmp/running-config.xml %ABSOLUTE_TARGET_FILE_PATH%
    -----END POST-SCRIPT-----

    Configure Device to use SCP as a backup



    Then Select Applicable script



    Unfortunately, the P.A. backup command doesn't give a way to name the output file. So Each P.A Box will need it's own archive and separate the archives by 5 minutes or so, not to overwrite the filenames. You can view the config file in inventory manager or oneview after the backup.



    Hope this helps you. If any of it was unclear please let me know and I can elaborate a bit more.



  • 3.  RE: Using Netsight to backup Palo Alto firewalls configuration

    Posted 01-06-2015 14:35
    That helps a lot. Thank you.