In order to fulfill the corporate requirement to backup the configuration of Panorama and the Panorama-managed firewalls securely, which protocol should you select when adding a new scheduled config export?
In order to fulfill the corporate requirement to backup the configuration of Panorama and the Panorama-managed firewalls securely, which protocol should you select when adding a new scheduled config export?
To securely back up the configuration of Panorama and the Panorama-managed firewalls, SCP (Secure Copy Protocol) is the best choice. SCP uses SSH (Secure Shell) to provide encryption and secure the transfer of data. Other options such as FTP send data in plain-text and thus do not meet the security requirements. HTTPS is commonly used for secure communication over a network, but it is not typically used for scheduled config exports. SMB v3 provides secure file sharing but is less commonly used for this specific application compared to SCP.
FTP, SFTP and SCP can help accomplish the same thing, which is to move files from here to there (or, based on relativity, from there to here) nice and quickly and over ethernet. There is one major difference between FTP and the other 2, though: FTP sends data in plain-text whereas SCP and SFTP use the SSH (Secure Shell) protocol for communication. Again, this is for security purposes, so when it comes to websites and transferring sensitive information, it is always better to err on the side of security.
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/administer-panorama/manage-panorama-and-firewall-configuration-backups/schedule-export-of-configuration-files
You can use both SCP and FTP according to the documentation (unless you're running Windows XD lol)
But "securely" means you should use TFTP. Not only FTP. That's the difference.
I mean *SFTP