Module 3 Firewall Configuration Flashcards
What is the running-config
Actual configuration controlling operation of the firewall
What is the candidate config
During startup, running-config copied to a candidate config. A candidate config are changes in progress but not active on the firewall.
What is a commit?
Process of activating pending changes from the candidate to the running config. After commit is selected, the process of overwriting the candidate over the current running-config.
What are the firewall configuration actions?
revert, save, load, export and import.
What type of files are tranfered, .exe, ?
XML files
Control and Data plane - where is the magic happening at boot?
Latest config on disk is loaded to candidate config in control plane. Auto commit copies candidate to running-config in control plane. Running config is both in control and data plane, and receives the new commit. **Any commit saves the changes to the running config in both data and control plane.
How do you save a candidate config?
Save candidate config to save configuration to memory. IT IS IN VOLATILE MEMORY and will not be saved if you reboot the firewall.
How else can you save a candidate config?
Save your current candidate config to an XML file on disk by clicking save configuration snapshot. This will save a reboot.
How do I start over?
You can delete your candidate config, copy the running config to the candidate config by REVERT to RUNNING CONFIG
Can you just do Admin Commits?
Yes, with PAN-OS 8.0 you can do only admin commits.
What happens in the Commit status window?
Warnings displayed do NOT prevent a commit. Errors however do.
There is a small icon next to the commit button. It allows you to do what as an Admin?
Revert changes to previous saved config (per admin or all changes), or save changes in progress without commuting (per admin or all changes).
What are the three sub tabs under commit, when you do a commit?
Change summary, preview changes, and validate commit. Preview compares the candidate to running-config. Change summary - lists the individual settings, and validate shows an error message if you were to commit.
What is the color scheme for preview changes?
Green, yellow and red. Green is what is added, yellow is what is modified and red are deletions.
What is the lock icon - how does it help an admin?
Commit and config lock: Commit blocks other administrators from committing the candidate config, and config lock block the administrators from changing the candidate config
