Export the security rulebase using XML API

Community Team Member

The GUI doesn't have an "export rules" function, so this has been a recurring topic for quite a while, with users asking for an easy way to export the rules. Using the XML API, you can easily export the rules in XML format.

 

As explained in my earlier XML blogs, you'll first need to get the authentication token (or key). To get the key, simply open a browser and go to your firewall's address with the URL you see below. Replace <hostname> with your firewall's IP address or actual hostname, and replace <username> and <password> with the actual username and password:

 

 

https://<hostname>/api/?type=keygen&user=<username>&password=<password>

 

 

For example, your query will look like this if your hostname is 10.192.16.170 and if you're still using the default username/password, which is NOT RECOMMENDED, of course!!!

 

 

https://10.192.16.170/api/?type=keygen&user=admin&password=admin

 

 

This query returns the authentication key. The result will look like this:

 

<response status="success">
<result>
<key>LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09
</key>
</result>
</response>

 

The long string inside the <key> element is the authentication key you will use for the following API calls.

 

You can use the API browse function to find out which exact XPATH to use but trust me when I say that you'll be needing "xpath=/config/devices/entry/vsys/entry/rulebase/security".  Notice how I use this XPATH in combination with the key in the below XML API call:

 

 

https://10.192.16.170/api/?type=config&action=show&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&xpath=/config/devices/entry/vsys/entry/rulebase/security

 

The above API call returns the security rulebase in XML format, as shown below (truncated in this example):

 

 

<response status="success">
   <result>
      <security>
         <rules>
            <entry name="Lab-Test">
               <to>
                  <member>lab-100</member>
                  <member>lab-200</member>
               </to>
               <from>
                  <member>untrust</member>
               </from>
               <source>
                  <member>any</member>
               </source>
               <destination>
                  <member>any</member>
               </destination>
               <source-user>
                  <member>any</member>
               </source-user>
               <category>
                  <member>any</member>
               </category>
               <application>
                  <member>stocktwits</member>
               </application>
               <service>
                  <member>application-default</member>
               </service>
               <hip-profiles>
                  <member>any</member>
               </hip-profiles>
               <tag>
                  <member>lab-kwens</member>
                  <member>NO TOUCHY</member>
               </tag>
               <action>allow</action>
               <profile-setting>
                  <profiles>
                     <virus>
                        <member>TestUserProfile-NEW</member>
                     </virus>
                     <url-filtering>
                        <member>default</member>
                     </url-filtering>
                     <file-blocking>
                        <member>profile_example</member>
                     </file-blocking>
                     <spyware>
                        <member>strict</member>
                     </spyware>
                     <vulnerability>
                        <member>block-all</member>
                     </vulnerability>
                     <wildfire-analysis>
                        <member>default</member>
                     </wildfire-analysis>
                  </profiles>
               </profile-setting>
               <disabled>yes</disabled>
            </entry>

...

         </rules>
      </security>
   </result>
</response>

 

Since it's in XML format, you can easily parse it into another format like HTML or CSV.
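
As an added example (not part of the original post), here is one way to turn the response above into CSV with Python's standard library. SAMPLE is constructed: it holds a trimmed copy of the "Lab-Test" rule plus a hypothetical "Constructed-Deny" rule, and joining multi-valued fields with ";" is a choice made for this sketch.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample: the page's "Lab-Test" rule (trimmed) plus a hypothetical second rule.
SAMPLE = """<response status="success"><result><security><rules>
<entry name="Lab-Test">
 <to><member>lab-100</member><member>lab-200</member></to><from><member>untrust</member></from>
 <source><member>any</member></source><destination><member>any</member></destination>
 <application><member>stocktwits</member></application><action>allow</action>
 <service><member>application-default</member></service><disabled>yes</disabled>
 <tag><member>lab-kwens</member><member>NO TOUCHY</member></tag>
 <profile-setting><profiles><virus><member>TestUserProfile-NEW</member></virus>
  <spyware><member>strict</member></spyware></profiles></profile-setting>
</entry>
<entry name="Constructed-Deny"><from><member>any</member></from><action>deny</action></entry>
</rules></security></result></response>"""

LIST_FIELDS = ["from", "to", "source", "destination", "application", "service", "tag"]
COLUMNS = ["name", *LIST_FIELDS, "action", "disabled", "profiles"]

def members(node, path="."):
    """Join every <member> under `path` into one ';'-separated cell."""
    return ";".join(m.text or "" for m in node.findall(f"{path}/member"))

def parse_rules(xml_text):
    """One dict per rule <entry>. Assumption: no <disabled> element means enabled."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError(f"API call failed: status={root.get('status')!r}")
    rows = []
    for entry in root.iterfind("./result/security/rules/entry"):
        row = {"name": entry.get("name", "")}
        row.update({f: members(entry, f) for f in LIST_FIELDS})
        row["action"] = entry.findtext("action", default="")
        row["disabled"] = entry.findtext("disabled", default="no")
        profs = entry.iterfind("profile-setting/profiles/*")
        row["profiles"] = ";".join(f"{p.tag}={members(p)}" for p in profs)
        rows.append(row)
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_rules(SAMPLE)), end="")
```

The status check matters for unattended exports: a failed call raises instead of writing an empty CSV.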

 

Check out my previous blogs with XML API use cases:

 

The-Power-of-XML-API

XML-API-Use-Case-to-Add-and-Delete-TS-Agents

 

Additional resources on XML API:

 

Getting Started with XML API

API Labs with pan-python

Explore the API

Get API Key

URL Encoding

XPATH

XML API Request types

 

Feel free to ask questions or share your XML API examples in the comments section below!

 

-Kiwi out!

3 Comments
L3 Networker

Here's an example of some scripts that leverage the XML API and pan-python to export policies and other configuration data as CSV formatted output.

 

https://github.com/stealthllama/pandump

 

L0 Member

I have run this through curl from different machines and only get minimal output. I get all of the certs, then maybe two lines of App-ID. If I use a browser I get the entire config. Any ideas? I need to run a scheduled task to pull the config every night.

Cyber Elite

@D-TownHealth,

What's the actual Curl command you are running? It also might be a good idea to look into something other than Curl. You obviously have access to the API, so you could actually process an export directly from the firewall and SCP it someplace else.
