PAN-OS CLI Quick Start
    : Load a Partial Configuration into Another Configuration Using Xpath Values
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS CLI Quick Start
    4. Use the CLI
    5. Load Configurations
    6. Load a Partial Configuration
    7. Load a Partial Configuration into Another Configuration Using Xpath Values
    Download PDF

    PAN-OS CLI Quick Start

    Load a Partial Configuration into Another Configuration Using Xpath Values

    Table of Contents
    End-of-Life (EoL)

    Load a Partial Configuration into Another Configuration Using Xpath Values

    1. Find the xpath values to use to load the partial configuration.
      1. Log in to the web interface on the device and go to the following URL:
        https://<device-ip-address>/api
      2. Select Configuration Commands.
      3. Drill down until you find the configuration object you want to load from one configuration to another.
        For example, to find the application group xpath on a multi-vsys firewall, you would select Configuration Commandsdeviceslocalhost.localdomainvsys > <vsys-name>application-group. After you drill down to the node you want to load, make note of the XPath that is displayed in the text box.
        You can also find the xpath from the CLI debug mode (use the operational mode command debug mode on to enable this), and then enter the configuration mode show command that shows the object you are interested in copying. For example, to see the xpath for the application object configuration in vsys1, you would enter the show vsys vsys1 application command. Look for the section of the output that begins with <requestcmd="get" obj=". This signals the beginning of the xpath. In the following example, the highlighted section is the xpath for the application objects in vsys1:
        admin@PA-3060# show vsys vsys1 application 
(container-tag: vsys container-tag: entry key-tag: name value: vsys1 container-tag: application) 
((eol-matched: . #t) (eol-matched: . #t) (eol-matched: . #t) (xpath-prefix: . /config/devices/entry[@name='localhost.localdomain']) (context-inserted-at-end-p: . #f)) 
/usr/local/bin/pan_ms_client --config-mode=default --set-prefix='set vsys vsys1 ' --cookie=2588252477840140 <<'EOF' |/usr/bin/less -X -E -M 
<request cmd="get" obj="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application"></request> 
EOF
      4. After you find the xpath for the node you want to load, identify the appropriate from- and to- Xpath Location Formats Determined by Device Configuration to load the partial configuration.
    2. Use the load config partial command to copy sections of the configuration you just imported. For example, you would use the following command to load the application filters you configured on fw1 from a saved configuration file, fw1-config.xml, you imported from fw1 (a single-vsys firewall) to vsys3 on fw2. Notice that even though fw1 does not have multiple virtual system support, the xpath still points to the vsys1 (the default vsys ID on single-vsys firewalls):
      admin@fw2# load config partial mode merge from-xpath devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application-filter to-xpath/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys3']/application-filter from fw1-config.xml
      The quotation marks around the hostname and the vsys name (if applicable) must be neutral. The command will fail if there are opened or closed quotation marks.
    3. Commit Configuration Changes.

    © 2024 Palo Alto Networks, Inc. All rights reserved.