is it possible to export firewall rule only??

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

is it possible to export firewall rule only??

L3 Networker

Hi all.

Is it possible to export security policy with CSV, PDF or txt format?? I can’t find any export menu only for firewall rule.

If it is possible, is it able to modify that exported firewall rule??

And then is it possible to import modified firewall rule to PA device??

Customer wants to review their firewall rule with readable file format.

Of course I know that PA supports export for configuration file on the Device TAB but it is included all of configure information.

I just want to know that how to export firewall policy only with CSV, PDF or etc.

Thanks,

Eugene.

19 REPLIES 19

L4 Transporter

Hi,

This is not possible with the webgui. The only way you can modify and import the configuration from the webgui is the export and import function in the device tab.

What you might try is the CLI.

Within the CLI set the output format to set (set cli config-output-format set) and then go into the configure mode. When you do an 'show rulebase' it will show you the rulebase in a readable format.

Marcel

Not applicable

Hi Eugene!

I have a utility that will extract most of the configuration of the box into an Excel documnets with multiple sheets.

It will give you rulebase, custom apps, application groups, application filters , services etc.

Email me on staffan@radpoint.se and I will send you a copy and you can try it to see if it does what you are looking for.

Best regards Staffan

so, exports of security policies are still not available?

i really hate tring to audit 150+ rules in the web gui.

I think solsens excel-utility can be handy for this.

Otherwise you can export the running-config.xml and run it through sed or such.

The interresting stuff is between <rulebase> and </rulebase> (to get not only the rules but also any profiles or such) and if you want just the security rules you go for the stuff between <security> and </security>.

Another method (already described), specially if you are not friendly to xml, is to use cli and enable set-commands and then just do a "show running-config" (which you then run through sed to only keep the interresting stuff).

so, its roll your own then .. ok, thanks mikand.

btw: i dont see 'solsens excel-utility' on this forum or google.

I think you must email him to get a copy, while you email him - ask if he cant publish he utility online? 🙂

do you have an address?

I just stared my audit via the giu :|, this is going to be painful

His email is posted in the message he posted earlier: https://live.paloaltonetworks.com/message/6354#6354

sry, thanks

L4 Transporter

Hello,

This message is targeted to PA team...

It would be nice to provide an official tools to export firewall rules, NAT rules, Decryption rules in HTML, PDF format.

Checkpoint has an official tools called Web Visualization tools.

PA, please help us...

Regards,

Hedi

Seconded!

Did you try this already?

Thanks

James

Hello,

I tried the Excel using XML API method.

It works BUT it's not friendly as the Checkpoint Tools...

Regards,

Hedi

Just an FYI to all.  In the instructions for Excel using XML API it references Using the XML API in the paragraph in step 2.  In the instructions on Using the XML API, there is a typo in 01. of Key Generation https://hostname/esp/restapi.esp?type=keygen&user=username&passwordpassword=password.  It should be &password=password.

  • 7989 Views
  • 19 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!