Palo Alto Export Configuration using TFTP

Export the Active Configuration ( running-config for Cisco folks )  to a TFTP store running on Ubuntu 14.

Jump into your Ubuntu box and install the tftpd-hpa package using apt-get.

#apt-get install tftpd-hpa

Configure a few properties of the TFTP daemon.

#vi /etc/default/tftpd-hpa



TFTP_OPTIONS=”-c -v –secure”

Create and chmod /var/lib/tftp to allow writing to this directory by group “others”.

mkdir /var/lib/tftp

chmod o+w /var/lib/tftp

Export the active configuration.

tftp export configuration remote-port 69 source-ip from running-config.xml to


Subnetting a class C address in your head

In our example we apply the subnet mask [ /25] to the network

Subtract 25 from 32 total mask bits to leave 7 unmask bits which give way to host bits. Find the total address, including subnet and broadcast, per subnet chunk by raising 2 to the power of unmask bits.

Remember 2^8 = 256

2^7 = (2^8) / 2 = 128

Count from 0 by increments found in your computed answer to 256.

In this case we established two subnets using the /25 netmask.

Subnet     First Host     Last Host     Broadcast

0                 1                      126                 127

128             129                 254                 255