04-21-2011 02:13 AM
Is it possible to export security policy with CSV, PDF or txt format?? I can’t find any export menu only for firewall rule.
If it is possible, is it able to modify that exported firewall rule??
And then is it possible to import modified firewall rule to PA device??
Customer wants to review their firewall rule with readable file format.
Of course I know that PA supports export for configuration file on the Device TAB but it is included all of configure information.
I just want to know that how to export firewall policy only with CSV, PDF or etc.
04-21-2011 03:39 AM
This is not possible with the webgui. The only way you can modify and import the configuration from the webgui is the export and import function in the device tab.
What you might try is the CLI.
Within the CLI set the output format to set (set cli config-output-format set) and then go into the configure mode. When you do an 'show rulebase' it will show you the rulebase in a readable format.
04-21-2011 01:19 PM
I have a utility that will extract most of the configuration of the box into an Excel documnets with multiple sheets.
It will give you rulebase, custom apps, application groups, application filters , services etc.
Email me on firstname.lastname@example.org and I will send you a copy and you can try it to see if it does what you are looking for.
Best regards Staffan
06-15-2012 11:23 AM
so, exports of security policies are still not available?
i really hate tring to audit 150+ rules in the web gui.
06-15-2012 11:14 PM
I think solsens excel-utility can be handy for this.
Otherwise you can export the running-config.xml and run it through sed or such.
The interresting stuff is between <rulebase> and </rulebase> (to get not only the rules but also any profiles or such) and if you want just the security rules you go for the stuff between <security> and </security>.
Another method (already described), specially if you are not friendly to xml, is to use cli and enable set-commands and then just do a "show running-config" (which you then run through sed to only keep the interresting stuff).
06-18-2012 09:33 AM
so, its roll your own then .. ok, thanks mikand.
btw: i dont see 'solsens excel-utility' on this forum or google.
06-19-2012 02:00 AM
I think you must email him to get a copy, while you email him - ask if he cant publish he utility online? 🙂
06-20-2012 02:58 PM
do you have an address?
I just stared my audit via the giu :|, this is going to be painful
06-20-2012 03:03 PM
His email is posted in the message he posted earlier: https://live.paloaltonetworks.com/message/6354#6354
06-20-2012 03:16 PM
06-21-2012 12:06 AM
This message is targeted to PA team...
It would be nice to provide an official tools to export firewall rules, NAT rules, Decryption rules in HTML, PDF format.
Checkpoint has an official tools called Web Visualization tools.
PA, please help us...
06-21-2012 06:27 AM
06-21-2012 06:37 AM
06-21-2012 07:09 AM
I tried the Excel using XML API method.
It works BUT it's not friendly as the Checkpoint Tools...
06-21-2012 09:48 AM
Just an FYI to all. In the instructions for Excel using XML API it references Using the XML API in the paragraph in step 2. In the instructions on Using the XML API, there is a typo in 01. of Key Generation https://hostname/esp/restapi.esp?type=keygen&user=username&passwordpassword=password. It should be &password=password.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!