Sometimes, you may make changes that you don't want to keep and you want to go back to how it was before. In this blog post, we're going to look at a couple of ways to discard or revert Palo Alto's uncommitted changes. We'll explain each method step by step, and to make it even easier, we'll provide an example for each option.
Running Configuration and Candidate Configuration
Now, before we go further, it's important to understand two key terms associated with the Palo Alto Firewalls - 'Running Configuration' and 'Candidate Configuration'.
- Running configuration on the firewall has all settings that have been committed and are currently active.
- Candidate configuration is a copy of the running configuration and any changes done after the last commit. These changes are not yet active and will be activated after the commit operation.
In this blog, we're focusing on the Candidate Configuration — where you've made changes but haven't committed them.
Method 1 - Revert Changes
Now, let's discuss the first way to discard changes - the 'Revert Changes' method. To use this, go to the top right of your screen and click 'Revert Changes'. You'll see two options: 'just your changes' and 'all changes'. This lets you choose whether to undo only what you've changed or all changes made by everyone.
For this example, I'm going to create an address object and then use the Revert option to discard the object I created. As you can see below, the firewall is showing that the new object I created will be reverted back (removed)
Method 2 - Revert to Running Configuration
The second option is to navigate to Device > Setup > Operations > Revert > Revert to running configuration.
It's important to note a key difference - this approach doesn't let you discard 'only' your changes. If another administrator has also made changes, using this method will discard their changes too. So, proceed with caution to avoid unwanted surprises.