>
    Revert Firewall Configuration Changes
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Firewall Administration
    4. Manage Configuration Backups
    5. Revert Firewall Configuration Changes
    Download PDF

    Revert Firewall Configuration Changes

    Table of Contents

    Revert Firewall Configuration Changes

    Revert operations replace settings in the current candidate configuration with settings from another configuration. Reverting changes is useful when you want to undo changes to multiple settings as a single operation instead of manually reconfiguring each setting.
    You can revert pending changes that were made to the firewall configuration since the last commit. The firewall provides the option to filter the pending changes by administrator or location. The locations can be specific virtual systems, shared policies and objects, or shared device and network settings. If you saved a snapshot file for a candidate configuration that is earlier than the current running configuration (see Save and Export Firewall Configurations), you can also revert to that snapshot. Reverting to a snapshot enables you to restore a candidate configuration that existed before the last commit. The firewall automatically saves a new version of the running configuration whenever you commit changes, and you can restore any of those versions.
    • Revert to the current running configuration (file named running-config.xml).
      This operation undoes changes you made to the candidate configuration since the last commit.
      To revert all the changes that all administrators made, perform one of the following steps:
      • Select DeviceSetupOperations, Revert to running configuration, and click Yes to confirm the operation.
      • Log in to the firewall with an administrative account that is assigned the Superuser role or an Admin Role profile with the Commit For Other Admins privilege enabled. Then select ConfigRevert Changes at the top of the web interface, select Revert All Changes and Revert.
      To revert only specific changes to the candidate configuration:
      1. Log in to the firewall with an administrative account that has the role privileges required to revert the desired changes.
        The privileges that control commit operations also control revert operations.
      2. Select ConfigRevert Changes at the top of the web interface.
      3. Select Revert Changes Made By.
      4. To filter the Revert Scope by administrator, click <administrator-name>, select the administrators, and click OK.
      5. To filter the Revert Scope by location, clear any locations that you want to exclude.
      6. Revert the changes.
    • Revert to the default snapshot of the candidate configuration.
      This is the snapshot that you create or overwrite when you click ConfigSave Changes at the top of the web interface.
      1. Select DeviceSetupOperations and Revert to last saved configuration.
      2. Click Yes to confirm the operation.
      3. (Optional) Click Commit to overwrite the running configuration with the snapshot.
    • Revert to a previous version of the running configuration that is stored on the firewall.
      The firewall creates a version whenever you commit configuration changes.
      1. Select DeviceSetupOperations and Load configuration version.
      2. Select a configuration Version and click OK.
      3. (Optional) Click Commit to overwrite the running configuration with the version you just restored.
    • Revert to one of the following:
      • Custom-named version of the running configuration that you previously imported
      • Custom-named candidate configuration snapshot (instead of the default snapshot)
      1. Select DeviceSetupOperations and click Load named configuration snapshot.
      2. Select the snapshot Name and click OK.
      3. (Optional) Click Commit to overwrite the running configuration with the snapshot.
    • Revert to a running or candidate configuration that you previously exported to an external host.
      1. Select DeviceSetupOperations, click Import named configuration snapshot, Browse to the configuration file on the external host, and click OK.
      2. Click Load named configuration snapshot, select the Name of the configuration file you just imported, and click OK.
      3. (Optional) Click Commit to overwrite the running configuration with the snapshot you just imported.
    • Restore state information that you exported from a firewall.
      Besides the running configuration, the state information includes device group and template settings pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate information, a list of satellites, and satellite authentication information. If you replace a firewall or portal, can you can restore the information on the replacement by importing the state bundle.
      Import state information:
      1. Select DeviceSetupOperations, click Import device state, Browse to the state bundle, and click OK.
      2. (Optional) Click Commit to apply the imported state information to the running configuration.

    © 2024 Palo Alto Networks, Inc. All rights reserved.