Export the security rulebase using XML API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Community Team Member

Seeing that the GUI doesn't have an "export rules" functionality, it's been a recurring topic for quite a while. Users asking for an easy way on how to export the rules.  Using XML API, you can easily export the rules in XML format.

 

As explained in my earlier XML blogs, you'll first need to get the authentication token (or key). To get the key, simply open a browser and go to your firewall's address with the URL you see below. Change <hostname> with your firewall's IP address or actual hostname and change <username> and <password> with the actual username/password:

 

 

https://<hostname>/api/?type=keygen&user=<username>&password=<password>

 

 

For example, your query will look like this if your hostname is 10.192.16.170 and if you're still using the default username/password, which is NOT RECOMMENDED, of course!!!

 

 

https://10.192.16.170/api/?type=keygen&user=admin&password=admin

 

 

This query will return the authentication key ... the result will look like this:

 

<response status="success">
<result>
<key>LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09
</key>
</result>
</response>

 

This long ORANGE string is the authentication key you will be using to perform the following API calls.

 

You can use the API browse function to find out which exact XPATH to use but trust me when I say that you'll be needing "xpath=/config/devices/entry/vsys/entry/rulebase/security".  Notice how I use this XPATH in combination with the key in the below XML API call:

 

 

https://10.192.16.170/api/?type=config&action=show&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&xpath=/config/devices/entry/vsys/entry/rulebase/security

 

 Using the above API call will return the security rulebase in XML format as shown below (truncated in the shown example) :

 

 

<response status="success">
   <result>
      <security>
         <rules>
            <entry name="Lab-Test">
               <to>
                  <member>lab-100</member>
                  <member>lab-200</member>
               </to>
               <from>
                  <member>untrust</member>
               </from>
               <source>
                  <member>any</member>
               </source>
               <destination>
                  <member>any</member>
               </destination>
               <source-user>
                  <member>any</member>
               </source-user>
               <category>
                  <member>any</member>
               </category>
               <application>
                  <member>stocktwits</member>
               </application>
               <service>
                  <member>application-default</member>
               </service>
               <hip-profiles>
                  <member>any</member>
               </hip-profiles>
               <tag>
                  <member>lab-kwens</member>
                  <member>NO TOUCHY</member>
               </tag>
               <action>allow</action>
               <profile-setting>
                  <profiles>
                     <virus>
                        <member>TestUserProfile-NEW</member>
                     </virus>
                     <url-filtering>
                        <member>default</member>
                     </url-filtering>
                     <file-blocking>
                        <member>profile_example</member>
                     </file-blocking>
                     <spyware>
                        <member>strict</member>
                     </spyware>
                     <vulnerability>
                        <member>block-all</member>
                     </vulnerability>
                     <wildfire-analysis>
                        <member>default</member>
                     </wildfire-analysis>
                  </profiles>
               </profile-setting>
               <disabled>yes</disabled>
            </entry>

...

         </rules>
      </security>
   </result>
</response>

 

Since it's in XML format, you can easily parse it into another format like HTML or CSV.

 

Check out my previous blogs with XML API use cases:

 

The-Power-of-XML-API

XML-API-Use-Case-to-Add-and-Delete-TS-Agents

 

Additional resources on XML API :

 

Getting Started with XML API

API Labs with pan-python

Explore the API

Get API Key

URL Encoding

XPATH

XML API Request types

 

Feel free to ask questions or share your XML API examples in the comments section below!

 

-Kiwi out!

 

 

 

 

3 Comments
  • 36977 Views
  • 3 comments
  • 5 Likes
Register or Sign-in
Labels
Top Liked Authors