How to Export Device State of Managed Firewalls from Panorama

How to Export Device State of Managed Firewalls from Panorama

Created On 04/02/19 12:58 PM - Last Modified 01/25/20 03:25 AM

If for any reason the device state cannot be generated and exported out of the firewall, the device states of these firewalls can be generated and exported from the managing Panorama.

  • Any Panorama.
  • Any PAN-OS.

  1. Save the device state from Panorama CLI using the command  “save device-state device <serial number>". The serial number at the end is the serial number of managed firewall. Note that you need to be in configure mode to run this command.
Example: Of the three managed devices, device state of serial number 0011000001 is generated on Panorama.
admin@panorama> configure
admin@panorama# save device-state device <tab>
  0011000001  0011000001
  0011000002  0011000002
  0011000003  0011000003
admin@panorama#save device-state device 0011000001

    Device state device_state_cfg.tgz created successfully
  1. Export the device state from Panorama using scp command  using  “scp export device-state device <serial number>

Example below: Replace the destination (pantac@<scpserverip>:/home/) to match your environment.

admin@panorama> scp export device-state device 0011000001 to pantac@<scpserverip>:/home/
pantac@<scpserverip>'s password:

Additional Information
NOTE: There is no option on the Panorama web interface to export the generated device-state (CLI-based Exports Only).

If the firewall's web interface is available through Panorama context switching, the device state can be collected from the firewall's Device > Setup > Operations.

  • Print
  • Copy Link

Choose Language