Skip to main content

Panorama Disaster Recovery

This guide outlines disaster recovery procedures for Panorama, including backup and restore processes.

Backup Procedures

The Panorama’s infrastructure and most of the configuration are stored as code in the hub-panorama-terraform repository. To ensure that full configuration is backed up, there is hub-panorama-config-backup pipeline that runs weekly.

That pipeline stores Panorama’s configuration in the configuration-backup container of the panoramasboxukssa (Sandbox) or panoramaprodukssa (Production) storage account.

This storage account is located in the same resource group as Panorama instance - panorama-sbox-uks-rg (Sandbox) or panorama-prod-uks-rg (Production).

Configuration Backup

The weekly backup of Panorama running configuration is performed automatically. Data retention for the backups is set to 30 days.

Recovery Procedures

After restoring the infrastructure and the Panorama instance itself, the full configuration can be restored from the backup.

Restoring Configuration

Access the configuration-backup container in the panorama<ENV>ukssa storage account located in the panorama-<ENV>-uks-rg resource group.

Download the latest backup file.

Use the Connecting to a Palo Alto firewall guide to connect to the Panorama web interface.

Do not use the Single Sign-On login method, instead use the administrator username and password.

To obtain the administrator username and password access the panorama-<ENV>-uks-kv Key Vault and read the panorama-admin-username and panorama-admin-password secrets.

After you logged in, navigate to Panorama > Setup > Operations.

Click on Import named Panorama configuration snapshot.

Follow the Revert Panorama Configuration Changes guide.

This page was last reviewed on 26 January 2024. It needs to be reviewed again on 26 January 2025 by the page owner platops-build-notices .
This page was set to be reviewed before 26 January 2025 by the page owner platops-build-notices. This might mean the content is out of date.