Palo Alto Networks firewalls maintain both a candidate configuration and a running configuration. The candidate configuration is created or updated when changes are made to policies, security settings, zones, or virtual routers in the firewall's web interface. The candidate configuration only takes effect when it is committed to the running configuration by clicking the commit button or using the commit CLI command. Committing applies the candidate configuration changes to the active running configuration of the firewall. It is important to always commit changes to make them live on the firewall.
Palo Alto Networks firewalls maintain both a candidate configuration and a running configuration. The candidate configuration is created or updated when changes are made to policies, security settings, zones, or virtual routers in the firewall's web interface. The candidate configuration only takes effect when it is committed to the running configuration by clicking the commit button or using the commit CLI command. Committing applies the candidate configuration changes to the active running configuration of the firewall. It is important to always commit changes to make them live on the firewall.
Palo Alto Networks firewalls maintain both a candidate configuration and a running configuration. The candidate configuration is created or updated when changes are made to policies, security settings, zones, or virtual routers in the firewall's web interface. The candidate configuration only takes effect when it is committed to the running configuration by clicking the commit button or using the commit CLI command. Committing applies the candidate configuration changes to the active running configuration of the firewall. It is important to always commit changes to make them live on the firewall.
following config types Candidate Configuration Running Configuration
Whenever someone creates a new policy or changes the
configuration settings of an existing Security Policy or any other parameters like zone, Virtual router etc. in the Palo Alto firewall and click OK as shown below, the Candidate Configuration is either created or updated and this type of configuration is known as Candidate Configuration.
However when Commit tab at the top right corner of Web UI of
the Palo Alto Firewall is clicked the Candidate Configuration is applied to the running configuration of the Palo Alto firewall. And the applied configuration is called running configuration. Also by using “commit” cli command in the configuration mode on can apply candidate configuration to the running configuration.
admin@PA-500# commit
Candidate Configuration never becomes active unless it’s saved
to the Running Configuration so it’s always recommended to click commit whenever someone creates or modify the configuration in the Pal0 Alto Networks Firewall