This document describes how to maintain and use an On-Site-Spare (OSS) device.
Environment
Details
Backing up the production configuration
Regularly export/backup the existing configuration from the production unit. This can be done either the web UI or from a terminal software using scp or tftp.
For TFTP, run the following command: > tftp export configuration from running-config.xml to <IP-ADDRESS>
Note: The terminal software method can be scripted and run by a scheduled task.
Maintaining the OSS device
The following steps will keep the OSS on the same PAN-OS release as the production device. Perform these steps each time the production device is upgraded.
Upload the downloaded PAN-OS to the device and install
Bringing the OSS device into production
The following steps will configure the OSS device to be identical to the original production device. The device should be managed from the IP address of the original production device.
Have the device mounted and configured with
An IP on the management port,
Trust and untrust interfaces
Rule that allows all traffic from trust to untrust
Necessary NAT rule
Plug the cables from the previous production device into the OSS
Device > Setup > Operations > Import named configuration snapshot. Important: The named configuration snapshot should not be named "running-config.xml", as this will cause a conflict on the device and may require a reset to factory default settings.
Load the imported configuration snapshot:
Device > Setup > Operations > Load named configuration snapshot