Seeing that the GUI doesn't have an "export rules" functionality, it's been a recurring topic for quite a while. Users asking for an easy way on how to export the rules. Using XML API, you can easily export the rules in XML format.
As explained in my earlier XML blogs, you'll first need to get the authentication token (or key). To get the key, simply open a browser and go to your firewall's address with the URL you see below. Change <hostname> with your firewall's IP address or actual hostname and change <username> and <password> with the actual username/password:
This long ORANGE string is the authentication key you will be using to perform the following API calls.
You can use the API browse function to find out which exact XPATH to use but trust me when I say that you'll be needing "xpath=/config/devices/entry/vsys/entry/rulebase/security". Notice how I use this XPATH in combination with the key in the below XML API call: