Palo Alto Panorama Configuration Retrieval

 

Extracting the configuration file from the Technical Support file.

This guide outlines retrieving the configuration file(s) from Panorama managed firewalls. You will be required to use a file archiver e.g. 7-zip/WinRAR which is capable of decompressing tar.gz archives.

Using HTTP(S)

We would recommend using HTTPS rather than HTTP for transferring your devices configuration as the latter provides no encryption. The procedure for getting the configuration from the device using HTTP(S) is as follows:

  1. Using your favorite web browser, connect to the HTTP(S) service provided by the Panorama managed firewall you wish to audit and sign in using an administrator account. (Note: you will need to connect individually to each managed firewall you wish to audit).

  2. Navigate to the Panorama tab, select the support option in the left hand menu and click Generate Tech Support File in the middle pane.

  1. Wait for the progress bar to complete.

  1. Once the progress bar has finished, click the Download Tech Support File link which is just below Generate Tech Support File.

  1. Once completed, extract the file with your archive manager.

  2. Within the archive, navigate to .\opt\pancfg\mgmt\saved-configs on Windows and ./opt/pancfg/mgmt/saved-configs on Linux". Copy the file running-config.xml to a directory on your workstation.

 

Note: You may wish to rename the XML file to reflect which device it has come from. You can now delete the rest of the technical support files.