Automate backup for Palo Alto devices without scripts

• When adding a Palo Alto firewall, you need to use a super-user account. A read-only super-user account is sufficient for the default configuration backup, but not for the Device State backup.
• Note that backups may fail if the admin account on the device is configured with the default password.
• If you are adding a Panorama-managed Palo Alto firewall, you can also back up the state information, which includes device group and template settings pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate information, a list of satellites, and satellite authentication information.
• When Panorama is selected, you should not select Device State for backup, because this configuration type is not available on the device.
• During a restore operation, Restorepoint will restore and commit the saved configuration.
• Restorepoint can back up the device either using the XML API over HTTPS, or an SSH connection. When using SSH, the device uses either SCP or TFTP to transfer its configuration to Restorepoint. Please ensure that ports 443/tcp (when using the API) or 22/tcp and 69/udp (when using SSH) are not blocked by any firewalls between Restorepoint and the device.
• Restorepoint can upgrade the PanOS software; this has been tested with PanOS 8.
• Restorepoint support real-time change detection using syslog. Before enabling this in the Restorepoint UI, you first need to define a Syslog Profile in the Palo Alto UI with the Restorepoint IP address (Device tab, Server Profiles→Syslog), then add this profle to the Configuration section in the Log Settings screen, so that any configuration change/commit sends a syslog message to Restorepoint.
• By default, the device uses the management interface to transfer its configuration via SCP/TFTP. If wanting to use a different interface, it must be specified by the source IP in the Source IP field in the Connection tab. This setting is ignored when using the XML API.

‍