How to Export Device State of Managed Firewalls from Panorama

How to Export Device State of Managed Firewalls from Panorama

30222
Created On 04/02/19 12:58 PM - Last Modified 01/25/20 03:25 AM


Objective
If for any reason the device state cannot be generated and exported out of the firewall, the device states of these firewalls can be generated and exported from the managing Panorama.

Environment
  • Any Panorama.
  • Any PAN-OS.


Procedure
  1. Save the device state from Panorama CLI using the command  “save device-state device <serial number>". The serial number at the end is the serial number of managed firewall. Note that you need to be in configure mode to run this command.
Example: Of the three managed devices, device state of serial number 0011000001 is generated on Panorama.
admin@panorama> configure
admin@panorama# save device-state device <tab>
  0011000001  0011000001
  0011000002  0011000002
  0011000003  0011000003
admin@panorama#save device-state device 0011000001

    Device state device_state_cfg.tgz created successfully
 
  1. Export the device state from Panorama using scp command  using  “scp export device-state device <serial number>

Example below: Replace the destination (pantac@<scpserverip>:/home/) to match your environment.

admin@panorama> scp export device-state device 0011000001 to pantac@<scpserverip>:/home/
<snip>
pantac@<scpserverip>'s password:
device_state_cfg.tgz


Additional Information
NOTE: There is no option on the Panorama web interface to export the generated device-state (CLI-based Exports Only).

If the firewall's web interface is available through Panorama context switching, the device state can be collected from the firewall's Device > Setup > Operations.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLN9CAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language