Forum Discussion

Clinansmith's avatar
Clinansmith
5 years ago

Palo Alto Config Restore from LM backup file

This weekend I had a problem with one of my Palo Alto Firewalls.  Luckily I wasn't concerned because I had LM backing up my config all the time.  Unfortunately although the data is there, I could not get it into a format that I could load back into the firewall.  Has anybody successfully done this?  Any hints?

Thanks

What I've tried:

  1. 1. Download the file in *.conf format.  Imports in but won't load.
  2. 2. Download *.conf and then change the extension to .xml.  Imports but won't load.  XML file is viewable in a browser fine.
  3. 3.  The exports from a PA firewall have no file extension so I downloaded the .conf and removed it.  imports but won't load.
  4. 4. Copied and pasted all the lines from the LM console into Notepad++ and then remove the line numbers from all the lines.  I tried saving as xml and dropping the file extenstion.  It imports but won't load.  
  • mhashemi's avatar
    mhashemi
    5 years ago

    I don't have a device against which to test, but it looks like Palo Alto firewalls need a valid .xml file. You could export from the UI and compare that file format to the downloaded CS backup from LM.

  • Clinansmith's avatar
    Clinansmith
    5 years ago

    My LM rep was able to run this by the internal support people and got me the following answer.  I hope this helps somebody else in the future till they fix this.

     

    Quote
    I was able to chase down this issue with our dev team, and it looks like with PA the config that LM exports does have a few formatting issues that need to be resolved before it can be uploaded.  Please see attached 2 files that show the difference between the config as exported from LogicMonitor (left) and PA (right).  One file covers the header, and the second the footer, showing the changes that need to be applied.
     
    My understanding had been that our PA config support should cover this out of the box, so I am submitting an internal ticket to have this misalignment corrected, but in the meantime I hope that these comparisons show you the specific edits needed.