Palo Alto Partial Configuration Import

Sometimes it is useful to load part of a configuration from a file into the Palo Alto candidate configuration.

This command loads the shared configuration into the new path from an uploaded file.

load config partial from-xpath /config/shared/ to-xpath /config/shared mode merge from filename.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group from Old-Config.xml

The configuration within Panorama is quite a bit longer, and you’ll need to be mindful if you should import into the device group or the template as well of the pre or post-rulebase.

load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase to-xpath /config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='DG-Example']/pre-rulebase mode merge from Example.xml

Here is another example showing how to copy a template.

load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='Source'] to-xpath /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='Destination'] mode merge from Example.xml

Here is a full batch to import a few different areas from a configuration file:

load config partial from-xpath /config/shared/ to-xpath /config/shared mode merge from Old-Config.xml

load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/tag to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/tag from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/service to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/service from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/service-group to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/service-group from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profile-group to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profile-group from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/user-id-agent to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/user-id-agent from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/user-id-collector to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/user-id-collector from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/group-mapping to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/group-mapping from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application-group to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application-group from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/region to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/region from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/application from Old-Config.xml
load config partial from-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase to-xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase from Old-Config.xml

DavisSystem

Consolidated Notes From the Desk of Sean Davis.

Palo Alto Partial Configuration Import

By Sean, 2022-03-07