How to convert security policies into an excel file in Palo Alto Firewall

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
Yasir
L1 Bithead

How to convert security policies into an excel file in Palo Alto Firewall

I am looking for a way to convert exsisitng security policies in PA firewall in PAN-OS version 7.0.x to an excel or CSV file. I found no valid way or documents. Can any body help me.

 

 

Cheers

 

Yasir

santonic
L5 Sessionator

There is no such built-in function. 

But it shouldn't be too difficult to write a script which parses XML config file and rewrites it as CSV as XML is nicely structured.

pulukas
L7 Applicator

I've used this user script in version 5 & 6 in the past.  Not sure if it still works in version 7.

 

https://live.paloaltonetworks.com/t5/API-Articles/Simple-export-of-rules-as-Excel-or-HTML/ta-p/65082

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
clyde.franklin
L4 Transporter

With Pan Configurator  service-edit.php if I want to delete unused objects is it possible to set a count limit? For exampel I dont want to do all 500 at one time unt say 100 at a time. Look to see if there is a string   like "maxcount' to end comman below.

 

 php address-edit.php  in=2473.xml out=/dev/null actions=delete 'filter=( object is.unused)' 

 
Raido
L7 Applicator

Follow those steps to convert rules into Excel.

 

https://indeni.com/how-to-export-palo-alto-networks-firewalls/

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
clyde.franklin
L4 Transporter

Hi  thanks for reply but was acutally lookin gofr answer on below? Not sure if my post heading was mixed up.

 

With Pan Configurator  service-edit.php if I want to delete unused objects is it possible to set a count limit? For exampel I dont want to do all 500 at one time unt say 100 at a time. Look to see if there is a string   like "maxcount' to end comman below.

 

 php address-edit.php  in=2473.xml out=/dev/null actions=delete 'filter=( object is.unused)' 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!