Export the security rulebase using XML API

Posted on 03-29-2018 03:55 AM, last edited on 04-16-2018 04:18 PM (15,525 Views)

The GUI doesn't have an "export rules" function, so users asking for an easy way to export the rules has been a recurring topic for quite a while. Using the XML API, you can easily export the rules in XML format.

 

As explained in my earlier XML blogs, you'll first need to get the authentication token (or key). To get the key, simply open a browser and go to your firewall's address with the URL you see below. Replace <hostname> with your firewall's IP address or actual hostname, and replace <username> and <password> with the actual username/password:

 

 

https://<hostname>/api/?type=keygen&user=<username>&password=<password>

 

 

For example, your query will look like this if your hostname is 10.192.16.170 and you're still using the default username/password (which is NOT RECOMMENDED, of course!!!):

 

 

https://10.192.16.170/api/?type=keygen&user=admin&password=admin

 

 

This query will return the authentication key ... the result will look like this:

 

<response status="success">
<result>
<key>LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09</key>
</result>
</response>

 

The long string inside the <key> element is the authentication key you will be using to perform the following API calls.

 

You can use the API browse function to find out exactly which XPATH to use, but trust me when I say that you'll need "xpath=/config/devices/entry/vsys/entry/rulebase/security". Notice how I use this XPATH in combination with the key in the XML API call below:

 

 

https://10.192.16.170/api/?type=config&action=show&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&xpath=/config/devices/entry/vsys/entry/rulebase/security

 

The above API call returns the security rulebase in XML format, as shown below (truncated in this example):

 

 

<response status="success">
   <result>
      <security>
         <rules>
            <entry name="Lab-Test">
               <to>
                  <member>lab-100</member>
                  <member>lab-200</member>
               </to>
               <from>
                  <member>untrust</member>
               </from>
               <source>
                  <member>any</member>
               </source>
               <destination>
                  <member>any</member>
               </destination>
               <source-user>
                  <member>any</member>
               </source-user>
               <category>
                  <member>any</member>
               </category>
               <application>
                  <member>stocktwits</member>
               </application>
               <service>
                  <member>application-default</member>
               </service>
               <hip-profiles>
                  <member>any</member>
               </hip-profiles>
               <tag>
                  <member>lab-kwens</member>
                  <member>NO TOUCHY</member>
               </tag>
               <action>allow</action>
               <profile-setting>
                  <profiles>
                     <virus>
                        <member>TestUserProfile-NEW</member>
                     </virus>
                     <url-filtering>
                        <member>default</member>
                     </url-filtering>
                     <file-blocking>
                        <member>profile_example</member>
                     </file-blocking>
                     <spyware>
                        <member>strict</member>
                     </spyware>
                     <vulnerability>
                        <member>block-all</member>
                     </vulnerability>
                     <wildfire-analysis>
                        <member>default</member>
                     </wildfire-analysis>
                  </profiles>
               </profile-setting>
               <disabled>yes</disabled>
            </entry>

...

         </rules>
      </security>
   </result>
</response>

 

Since it's in XML format, you can easily parse it into another format like HTML or CSV.

 

Check out my previous blogs with XML API use cases:

 

The-Power-of-XML-API

XML-API-Use-Case-to-Add-and-Delete-TS-Agents

 

Additional resources on XML API :

 

Getting Started with XML API

API Labs with pan-python

Explore the API

Get API Key

URL Encoding

XPATH

XML API Request types

 

Feel free to ask questions or share your XML API examples in the comments section below!

 

-Kiwi out!

 

 

 

 

Comments
by rhagen
on ‎04-04-2018 09:51 AM

Here's an example of some scripts that leverage the XML API and pan-python to export policies and other configuration data as CSV formatted output.

 

https://github.com/stealthllama/pandump

 
