Panorama Administrator's Guide
    : Schedule Export of Configuration Files
    Focus
    Download PDF
    Focus
    1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Administer Panorama
    5. Manage Panorama and Firewall Configuration Backups
    6. Schedule Export of Configuration Files
    Download PDF

    Panorama Administrator's Guide

    Schedule Export of Configuration Files

    Table of Contents

    Schedule Export of Configuration Files

    Panorama saves a backup of its running configuration as well as the running configurations of all managed firewalls. The backups are in XML format with file names that are based on serial numbers (of Panorama or the firewalls). Use these instructions to schedule daily exports of the backups to a remote host. Panorama exports the backups as a single gzip file. You require superuser privileges to schedule the export.
    If Panorama has a high availability (HA) configuration, you must perform these instructions on each peer to ensure the scheduled exports continue after a failover. Panorama does not synchronize scheduled configuration exports between HA peers.
    To export backups on demand, see Save and Export Panorama and Firewall Configurations.
    1. (RHEL Server version 8.3 only) Verify that for your RHEL server running version 8.3, set the ChallengeResponseAuthentication setting is no within the sshd_config file.
      Update to no if needed and then restart the SSH daemon. This setting is required to export configuration files to your RHEL server running version 8.3.
    2. Select PanoramaScheduled Config Export and click Add.
    3. Enter a Name and Description for the scheduled file export and Enable it.
    4. Using the 24-hour clock format, enter a daily Scheduled Export Start Time or select one from the drop-down.
      If you are configuring a scheduled export to two or more servers, stagger the start time of the scheduled exports. Scheduling multiple exports at the same start time results in discrepancies between the exported configurations.
    5. Set the export Protocol to Secure Copy (SCP) or File Transfer Protocol (FTP).
      Export to devices running Windows support only FTP.
    6. Enter the details for accessing the server, including: Hostname or IP address, Port, Path for uploading the file, Username, and Password.
      The Path supports the following characters: .(period), +, { and }, /, -, _, 0-9, a-z, and A-Z. Spaces are not supported in the file Path.
      If you are exporting to an FTP server using an IPv6 address as the Hostname, you must enter the address enclosed in square brackets ([ ]). For example, [2001:0db8:0000:0000:0000:8a2e:0370:7334].
      If you are exporting to a BSD server, you will need to modify the SSHD password prompt to <username>@<hostname> <password>: .
    7. (SCP only) Click Test SCP server connection. To enable the secure transfer of data, you must verify and accept the host key of the SCP server. Panorama doesn’t establish the connection until you accept the host key. If Panorama has an HA configuration, perform this step on each HA peer so that each one accepts the host key of the SCP server. If Panorama can successfully connect to the SCP server, it creates and uploads the test file named ssh-export-test.txt.
      (PAN-OS 10.2.4 and later releases) A pop-up window is displayed requiring you to enter a clear text Passwordand then to Confirm Password in order to test the SCP server connection and enable the secure transfer of data.
      Panorama does not establish and test the SCP server connection until you enter and confirm the SCP server password. If Panorama has an HA configuration, perform this step on each HA peer so that each one can successfully connect to the SCP server. If Panorama can successfully connect to the SCP server, it creates and uploads the test file named ssh-export-test.txt.
    8. Click OK to save your changes.
    9. Select CommitCommit to Panorama and Commit your changes.

    © 2024 Palo Alto Networks, Inc. All rights reserved.