Hi,
We use Inventory Manager to backup PA Firewalls here in corporate.
This is the script we use copy and paste this into a text. Take these script files save them in a text file and place them in the following path (if using linux based Netsight)
/NetSight/appdata/InventoryMgr/properties/devicefiles.
- This script shows how the pre-script and post-script sections of the DeviceFamilyDefinition file can be used.
-- This is only an example and not intended for use beyond that.
--
name="Palo Alto"
desc="Palo Alto SCP Script"
separator=UNIX_FILE_SEPARATOR
--
-----BEGIN PRE-SCRIPT "Configuration Upload"-----
Create /root/firmware/images/
-----END PRE-SCRIPT-----
-----BEGIN SCRIPT "Configuration Upload"-----
scp export configuration from running-config.xml to root@IpAddressOfServer:/root/configs/tmp
@receive 30
%SCP_PSWD%
@receive 60
exit
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
100%
-----END SUCCESS-----
-----BEGIN POST-SCRIPT "Configuration Upload"-----
copy /root/configs/tmp/running-config.xml %ABSOLUTE_TARGET_FILE_PATH%
-----END POST-SCRIPT-----
At Remote Sites where we do not have a management cable in the P.A Box we use this script.
name="Palo Alto SCP Remote Site"
desc="Palo Alto SCP Script for Rmt Site no management"
separator=UNIX_FILE_SEPARATOR
--
-----BEGIN PRE-SCRIPT "Configuration Upload"-----
Create /root/firmware/images/
-----END PRE-SCRIPT-----
-----BEGIN SCRIPT "Configuration Upload"-----
scp export configuration source-ip %DEVICEIP% to root@IpAddressOfServer:/root/configs/tmp from running-config.xml
@receive 30
%SCP_PSWD%
@receive 60
exit
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
100%
-----END SUCCESS-----
-----BEGIN POST-SCRIPT "Configuration Upload"-----
copy /root/configs/tmp/running-config.xml %ABSOLUTE_TARGET_FILE_PATH%
-----END POST-SCRIPT-----
Configure Device to use SCP as a backup
Then Select Applicable script
Unfortunately, the P.A. backup command doesn't give a way to name the output file. So Each P.A Box will need it's own archive and separate the archives by 5 minutes or so, not to overwrite the filenames. You can view the config file in inventory manager or oneview after the backup.
Hope this helps you. If any of it was unclear please let me know and I can elaborate a bit more.
We use Inventory Manager to backup PA Firewalls here in corporate.
This is the script we use copy and paste this into a text. Take these script files save them in a text file and place them in the following path (if using linux based Netsight)
/NetSight/appdata/InventoryMgr/properties/devicefiles.
- This script shows how the pre-script and post-script sections of the DeviceFamilyDefinition file can be used.
-- This is only an example and not intended for use beyond that.
--
name="Palo Alto"
desc="Palo Alto SCP Script"
separator=UNIX_FILE_SEPARATOR
--
-----BEGIN PRE-SCRIPT "Configuration Upload"-----
Create /root/firmware/images/
-----END PRE-SCRIPT-----
-----BEGIN SCRIPT "Configuration Upload"-----
scp export configuration from running-config.xml to root@IpAddressOfServer:/root/configs/tmp
@receive 30
%SCP_PSWD%
@receive 60
exit
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
100%
-----END SUCCESS-----
-----BEGIN POST-SCRIPT "Configuration Upload"-----
copy /root/configs/tmp/running-config.xml %ABSOLUTE_TARGET_FILE_PATH%
-----END POST-SCRIPT-----
At Remote Sites where we do not have a management cable in the P.A Box we use this script.
name="Palo Alto SCP Remote Site"
desc="Palo Alto SCP Script for Rmt Site no management"
separator=UNIX_FILE_SEPARATOR
--
-----BEGIN PRE-SCRIPT "Configuration Upload"-----
Create /root/firmware/images/
-----END PRE-SCRIPT-----
-----BEGIN SCRIPT "Configuration Upload"-----
scp export configuration source-ip %DEVICEIP% to root@IpAddressOfServer:/root/configs/tmp from running-config.xml
@receive 30
%SCP_PSWD%
@receive 60
exit
-----END SCRIPT-----
-----BEGIN SUCCESS "Configuration Upload"-----
100%
-----END SUCCESS-----
-----BEGIN POST-SCRIPT "Configuration Upload"-----
copy /root/configs/tmp/running-config.xml %ABSOLUTE_TARGET_FILE_PATH%
-----END POST-SCRIPT-----
Configure Device to use SCP as a backup
Then Select Applicable script
Unfortunately, the P.A. backup command doesn't give a way to name the output file. So Each P.A Box will need it's own archive and separate the archives by 5 minutes or so, not to overwrite the filenames. You can view the config file in inventory manager or oneview after the backup.
Hope this helps you. If any of it was unclear please let me know and I can elaborate a bit more.
