How to configure a scheduled configuration backup
Created On 04/29/22 04:01 AM - Last Modified 01/04/23 04:25 AM
Objective
Preparing Panorama for a scheduled configuration backup
Environment
- Any Panorama
- PAN-OS 8.1.x or above
- SSH client software (such as the OpenSSH client for Windows, or the SSH client included with macOS / Linux)
- OpenSSH server supporting secure copy (SCP)
Procedure
- Gather the public key from the remote secure copy (SCP) server.
- This can be obtained by running ssh-keyscan from the Linux or Mac host to get the RSA key from a remote OpenSSH Server supporting SCP.
- The equivalent Microsoft Windows command is ssh-keyscan.exe, which is only available after installing OpenSSH for Windows. Replace x.y.z.q in the command with the server IP.
ssh-keyscan -4 -p 22 -t rsa x.y.z.q
x.y.z.q ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgdJ6N5SG+YFmBF7GGS/jtjvjIRmv85uO0+V0A6YsitlXqwBVkKl74PmUb9ZSTwwIi5Bef2bIesiDTnefbG8qRak+Eja0QpFwPS9tVpaF3G4FELyKjjbKzL8gORKQVHCRdLhVW8EpPQB7WuqjdVuCUQD9hyB9H6Urp/7vSpygyZTVeqJfx2A23FVxLmB+WzIdC4lwMbmhuvqTCZWzH6TXS+bOgkQQrsxtBbmhM9ozpDebdFYxQ2G1QNmzV9Q71gDwR5QybiyRCFdQpC33QDbntKSFdutcjp+yrV5rWm+U/30+33obMJHG8+R18EQHUBlRteaZfEuiyQ7CqGZqOUE0z
- Install the remote host's public key on the Panorama or firewall SCP client.
- Log in to the Panorama or firewall command-line interface (CLI) and run the "test scp-server-connection confirm" command to install the SSH host key.
admin@Panorama> test scp-server-connection confirm hostname x.y.z.q key "x.y.z.q ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgdJ6N5SG+YFmBF7GGS/jtjvjIRmv85uO0+V0A6YsitlXqwBVkKl74PmUb9ZSTwwIi5Bef2bIesiDTnefbG8qRak+Eja0QpFwPS9tVpaF3G4FELyKjjbKzL8gORKQVHCRdLhVW8EpPQB7WuqjdVuCUQD9hyB9H6Urp/7vSpygyZTVeqJfx2A23FVxLmB+WzIdC4lwMbmhuvqTCZWzH6TXS+bOgkQQrsxtBbmhM9ozpDebdFYxQ2G1QNmzV9Q71gDwR5QybiyRCFdQpC33QDbntKSFdutcjp+yrV5rWm+U/30+33o"
Installed ssh host key for x.y.z.q
- Test the SCP server connection from the Panorama or firewall CLI.
admin@Panorama> test scp-server-connection initiate hostname x.y.z.q username test password paloalto
SSH connection to x.y.z.q succeeded.
File ssh-export-test.txt created.
- The scheduled export can now be configured from the GUI: Panorama > Scheduled Config Export
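ssh-keyscan in the first step fetches the host key over the network without authenticating it, so the key should be compared with a fingerprint read on the SCP server itself (for example with `ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub` on its console) before it is installed on Panorama. The Python below is an added example, not part of the original article or any Palo Alto Networks tooling; it also rejects a key string that was cut short when copied. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def _field(blob, off):
    """Read one length-prefixed field (RFC 4251 string/mpint) starting at off."""
    end = off + 4
    if end > len(blob):
        raise ValueError("truncated key blob")
    end += struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def parse_keyscan_line(line):
    """Parse 'host ssh-rsa base64' and confirm the blob is one complete RSA key."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "ssh-rsa":
        raise ValueError("expected: <host> ssh-rsa <base64 key>")
    blob = base64.b64decode(parts[2], validate=True)  # bad base64 -> ValueError
    name, off = _field(blob, 0)
    _exponent, off = _field(blob, off)
    modulus, off = _field(blob, off)
    if name != b"ssh-rsa" or off != len(blob):
        raise ValueError("blob is not a well-formed ssh-rsa key")
    return parts[0], blob, len(modulus.lstrip(b"\0")) * 8

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint, the form ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_for_install(line, trusted_fp):
    """Return the key line only if it matches the out-of-band fingerprint."""
    host, blob, _bits = parse_keyscan_line(line)
    if not hmac.compare_digest(fingerprint(blob), trusted_fp):
        raise ValueError("host key fingerprint mismatch for " + host)
    return line.strip()

def constructed_sample_line(host="192.0.2.10"):
    """Constructed, non-functional key in ssh-keyscan output format."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + b"\xc3" * 256)
    return host + " ssh-rsa " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    sample = constructed_sample_line()
    trusted = fingerprint(parse_keyscan_line(sample)[1])  # stands in for the console value
    print(key_for_install(sample, trusted))
```

The string returned by key_for_install is what goes inside the quotes of the key argument to "test scp-server-connection confirm".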
Additional Information
The same procedure applies to firewalls for Scheduled Log Export.