How to move or copy objects in configuration from one location to another

How to move or copy objects in configuration from one location to another

49948
Created On 09/25/18 17:15 PM - Last Modified 06/08/23 08:30 AM


Resolution


 

This article can help you:

  1. Move/copy all objects from one Device Group to another Device Group in Panorama
  2. Move/copy all objects from a Device Group to Shared or vice versa in Panorama
  3. Move/copying all objects from one Vsys to another Vsys on firewall
  4. Move/copy all objects from one Vsys to Shared
  5. Copy all objects from an external configuration to firewall configuration

Before you begin:  

  • Take a backup of your configuration 
  • Set commands from the CLI can also be used to the same effect, but setting and deleting commands are a lengthy task if there are a large number of objects.
  • This method can also be modified to import specific objects into the candidate configuration. 

Test Case: Moving all address objects from a device group to shared in Panorama

 

  1. Save the firewall/Panorama configuration snapshot locally. Go to Device > Setup > Operations > Choose 'Save named Panorama configuration snapshot'.

    Screen Shot 2016-02-01 at 1.59.53 pm.png 

     

  2. Open a web session to the firewall or Panorama's API browser:  https://<hostname>/api. In the example that follows, this is the Panorama API.

    Screen Shot 2016-02-01 at 2.03.15 pm.png

     

  3. Use the API browser to find the xml path (XPath) of the source and target elements. In the example below, one would have selected Configuration Commands > Devices > localhost.localdomain > device-group > PA200 > address in order to view that page.

     

    Screen Shot 2016-02-01 at 2.05.51 pm.png

    Note that from the XPath listed above, we identify the from-xpath to be used on the CLI. 

     

    from-xpath = devices/entry[@name='localhost.localdomain']/device-group/entry[@name='PA200']/address


    Notice the missing /config/ in the noted value of from-xpath.

     

    In the example below, one would have selected Configuration Commands > shared > address in order to view that page.

     

    Screen Shot 2016-02-01 at 2.08.38 pm.png

    Note that from the XPath above, we identify the to-xpath to be used on the CLI.

    to-xpath = /config/shared/address

  4. Log into the CLI and go into configuration mode. Execute the following command:

     

    # load config partial mode merge from <Snapshot Name> from-xpath <from-xpath> to-xpath <to-xpath>

     

    Example:

     

    admin@M-100-1 # load config partial mode merge from ConfigTest from-xpath devices/entry[@name='localhost.localdomain']/device-group/entry[@name='PA200']/address to-xpath /config/shared/address

     

    Config loaded from ConfigTest 

     

  5. Delete the config in the device group if required:


    Go the API browser and generate the API key:

    https://<hostname>/api/?type=keygen&user=username&password=password

    Screen Shot 2016-02-01 at 2.09.17 pm.png 

    Open a browser tab and delete all the addresses using the following XML API:

            

    https://<hostname>/api/?type=config&key=keyvalue&action=delete&xpath=<from-xpath>  
    This time you have to use /config/ since it's being directly deleted from the current candidate config.

     

    Screen Shot 2016-02-01 at 2.11.06 pm.png

     
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClENCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language