PCNSA 2.2

gray metal cubes decorative

Identify how to manage firewall configurations.

Palo Alto Networks PCNSA Study Guide v10

Manage Configurations Using Candidate and Running Configurations

Candidate Configurations: All changes to a firewall are made to a candidate configuration. This resides in memory on the control plane. A commit activates this configuration into the running configuration on the data plane.

Candidate configurations can also be saved as either a default snapshot (snapshot.xml) or a custom named snapshot file. You can also revert a candidate configuration to the last saved configuration or another saved configuration. Reverting does not commit the changes, you must press commit to make the changes to the active firewall configuration.

Running Configuration: The active configuration on the data plane in use by the firewall. The running configuration is saved in a file named running-config.xml. If a firewall is rebooted, it always boots to the last saved copy of the running configuration even if uncommitted changes exist.

Configuration Management:

Configurations can be managed using several methods.

  • Revert: Revert to last saved configuration or to the current running configuration
  • Save: Save named configuration or save a candidate configuration
  • Load: Load a named configuration
  • Export: Export a configuration or candidate configuration (backup)
  • Import: Import a previously exported configuration

Device State

Exporting the device state includes the configuration, Panorama groups and templates, and certificate information along with GlobalProtect information.

Importing the device state can be used to restore to a new firewall.