AWS Day One Config - PaloAltoNetworks/iron-skillet GitHub Wiki
Loading templates into AWS
Loading into AWS requires a minor variation of the full config file to eliminate commit conflicts caused by the device system settings for the management interface. All of the security elements are still provided; only the management interface elements are left out.
AWS Config File
Config file found here:
This uses the same template, with sections of the XML file removed because the AWS deployment auto-configures the management interface parameters. Typically this would be part of a bootstrap.xml load; alternatively, the load config partial model can be used.
Load config partial commands
Import the configuration file into the firewall, but do not load it. Instead, use the commands below to load the template configuration elements.
Cut-and-paste from the table below into the PAN-OS command line while in configuration mode.
You can paste multiple items. The system will pause during each load config partial, return a status message, then move to the next load. When complete, ensure the final load was entered and a status message was received.
Command line items |
---|
load config partial from aws_day_one_1.0.0.xml from-xpath /config/shared/log-settings to-xpath /config/shared/log-settings mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/tag to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/tag mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/deviceconfig/system to-xpath /config/devices/entry[@name='localhost.localdomain']/deviceconfig/system mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting to-xpath /config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/external-list to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/external-list mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profile-group to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profile-group mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/devices/entry[@name='localhost.localdomain']/network/profiles/zone-protection-profile to-xpath /config/devices/entry[@name='localhost.localdomain']/network/profiles/zone-protection-profile mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/shared/reports to-xpath /config/shared/reports mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/shared/report-group to-xpath /config/shared/report-group mode merge |
load config partial from aws_day_one_1.0.0.xml from-xpath /config/shared/email-scheduler to-xpath /config/shared/email-scheduler mode merge |
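
A pre-flight check for the procedure above, as an added example that is not part of the iron-skillet project: it confirms that each XPath from the table exists in the config file before generating the matching load config partial command, so a section missing from the file is caught before pasting. The `plan_loads` function and the sample XML are constructed for illustration; only the XPaths and the command syntax come from this page.

```python
import xml.etree.ElementTree as ET

DEVICE = "/config/devices/entry[@name='localhost.localdomain']"
VSYS = DEVICE + "/vsys/entry[@name='vsys1']"

# XPaths from the command table on this page, in the same order.
XPATHS = [
    "/config/shared/log-settings", VSYS + "/tag",
    DEVICE + "/deviceconfig/system", DEVICE + "/deviceconfig/setting",
    VSYS + "/address", VSYS + "/external-list", VSYS + "/profiles",
    VSYS + "/profile-group", VSYS + "/rulebase",
    DEVICE + "/network/profiles/zone-protection-profile",
    "/config/shared/reports", "/config/shared/report-group",
    "/config/shared/email-scheduler",
]
CMD = "load config partial from {f} from-xpath {x} to-xpath {x} mode merge"

def plan_loads(xml_text, filename="aws_day_one_1.0.0.xml"):
    """Return (commands, missing): one command per XPath found in the file."""
    root = ET.fromstring(xml_text)
    if root.tag != "config":
        raise ValueError("root element is <%s>, expected <config>" % root.tag)
    commands, missing = [], []
    for xpath in XPATHS:
        # ElementTree paths are relative to the root, so drop "/config/".
        if root.find(xpath[len("/config/"):]) is None:
            missing.append(xpath)
        else:
            commands.append(CMD.format(f=filename, x=xpath))
    return commands, missing

# Constructed sample, not the real template: only two sections are present.
SAMPLE = """<config>
  <shared><log-settings><system/></log-settings></shared>
  <devices><entry name="localhost.localdomain">
    <vsys><entry name="vsys1"><tag><entry name="Outbound"/></tag></entry></vsys>
  </entry></devices>
</config>"""

if __name__ == "__main__":
    commands, missing = plan_loads(SAMPLE)
    print("\n".join(commands))
    for xpath in missing:
        print("not in file, skipped:", xpath)
```

Run against the real file with `plan_loads(open(path).read())`; an empty `missing` list means every command in the table has a source section to merge.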