SolarWinds Network Configuration Manager ( NCM) Download Now is my favorite tool to take configuration backup of network and network security devices.
As a Senior network security engineer, i had a good experience with SolarWinds NCM to backup all configuration in one centralized place instead of the device itself. This article was based on my home lab that I set up for this lab only.
Backup PaloAlto Configuration
Login in your Paloalto device and navigate to Device > Setup > Operations > SNMP Setup.
then you need to Setup your SNMP here, here i am going to use SNMPv3, enter your SNMP name and enter SNMP parameters like below screenshot.
and now navigate to Device > Setup > Managment > click on the gear icon on “Managment Interface Settings“.
and add your NCM IP here to allow through firewall
Now open the NCM dashboard, click on the Settings > Manage Nodes.
and click on the “Add Node”
and enter your device IP-address and SNMP device details, select SNMPv3 here
select SNMPv3 Authentication method as SHA1 and select encryption as AES128.
and Finally, click on the “Test” to test the SNMP test.
and most important part is “connection Profile“, enter your device static username and password and select SSH protocol and finally click on the “Test” to test the configuration backup here.
and now it’s time to schedule your backup by clicking on My Dashboard > Jobs.
and click on the “Create new Job” option to create your new job. Here you will get an option to scheduled your job.
and select the device that you want to backup. Select your Job and click on the “Start Job” option to start your job. it will store your backup under C \ Program Data\SolarWinds\NCM\Config archive.
Configuration Backup Of Checkpoint
All steps will be same in NCM, only you need to define SNMP here in Checkpoint Gateway
and Select “security Level” as authPriv.
Also, check How to Setup SolarWinds NCM Session Trace
Hope my article “Backup Palo Alto and Checkpoint Configuration with SolarWinds NCM” helps you to take configuration backup of Paloalto and checkpoint firewall.