How to check configuration history on Palo Alto firewall?

To check the configuration history on a Palo Alto firewall, follow these steps:

  1. Log in to the firewall’s web interface using an administrator account.
  2. Click on the “Device” tab in the top menu bar, and then click on “Config Audit” in the left-hand menu.
  3. Choosing 2 configurations (Local Running config and 35 Committed on 2023/03/14 in our example) to compare and click on Go.
  4. Double pane window appears.

5. Configuration differences are clearly highlighted by different colors for review, letting the administrator view changes in the present and past configurations. It lists what admin made the change, along with what time it was performed.

Note: in our example, we configure to allow accessing dropboc.com by going to OBJECTS>Custom Objects>URL Category. Add dropbox.com to Allow Websites.

CLI

3. From the CLI, To see the changes between the running configuration and candidate configuration, you can run the following command to see what is different from the running config to the candite config.

> show config diff
risk 1;
preview yes;
}
+ confluence-downloading {
+ category collaboration;
+ subcategory social-business;
+ technology browser-based;
+ description “This App-ID identifies confluence downloading traffic.”;
+ alg no;
+ appident yes;
+ virus-ident yes;
+ spyware-ident yes;
+ file-type-ident yes;
+ vulnerability-ident yes;
+ evasive-behavior no;
+ consume-big-bandwidth no;
+ used-by-malware no;

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com