Export the security rulebase using XML API
Showing results for 
Search instead for 
Did you mean: 
Community Team Member

Seeing that the GUI doesn't have an "export rules" functionality, it's been a recurring topic for quite a while. Users asking for an easy way on how to export the rules.  Using XML API, you can easily export the rules in XML format.


As explained in my earlier XML blogs, you'll first need to get the authentication token (or key). To get the key, simply open a browser and go to your firewall's address with the URL you see below. Change <hostname> with your firewall's IP address or actual hostname and change <username> and <password> with the actual username/password:






For example, your query will look like this if your hostname is and if you're still using the default username/password, which is NOT RECOMMENDED, of course!!!



This query will return the authentication key ... the result will look like this:


<response status="success">


This long ORANGE string is the authentication key you will be using to perform the following API calls.


You can use the API browse function to find out which exact XPATH to use but trust me when I say that you'll be needing "xpath=/config/devices/entry/vsys/entry/rulebase/security".  Notice how I use this XPATH in combination with the key in the below XML API call:


 Using the above API call will return the security rulebase in XML format as shown below (truncated in the shown example) :



<response status="success">
            <entry name="Lab-Test">
                  <member>NO TOUCHY</member>




Since it's in XML format, you can easily parse it into another format like HTML or CSV.


Check out my previous blogs with XML API use cases:





Additional resources on XML API :


Getting Started with XML API

API Labs with pan-python

Explore the API

Get API Key

URL Encoding


XML API Request types


Feel free to ask questions or share your XML API examples in the comments section below!


-Kiwi out!





L3 Networker

Here's an example of some scripts that leverage the XML API and pan-python to export policies and other configuration data as CSV formatted output.




L0 Member

I have ran this through curl from different machines and only get minimal output. I get all of the certs, then maybe two lines of App-ID. If I use a browser I get the entire config. Any ideas? I need to run a scheduled task to pull the config every night. 

Cyber Elite
Cyber Elite


What's the actual Curl command you are running. It also might be a good idea to look into something other than Curl. You obviously have access to the API, so you could actually process an export directly from the firewall and SCP it someplace else. 

Register or Sign-in