PA Configuration File Format Conversion

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PA Configuration File Format Conversion

L1 Bithead

My organization creates PA firewall configurations in "set" format as they are easier to read and peer review.  It is very cumbersome to then put this style of configuration into the firewall itself. Is there a program/utility that can convert this to an importable/merge format? I know there are programs that can convert TO “set” format, but have not found one that does the reverse. Anyone heard of something that does this. Thank you in advance for your assistance and insight.

4 REPLIES 4

Cyber Elite
Cyber Elite

Hello there

 

You may want to take a look at Expedition software, which is a PANW created app for migration of 3rd party configs into PANW xml.

 

It may support the ability to use it for importing via set commands.

 

https://www.paloaltonetworks.com/products/secure-the-network/next-generation-firewall/migration-tool

 

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

I have read and watched some training videos on the migration tool, but nothing I have seen or read thus far says it can do what I am seeking.  I read some on the pan-python portion of the tool as well as that is what is used to create the "set" format when you select the generate xml and set configuration from the migration tool. It also does not, at least from what I have read, explicitly state that i can convert from xml to "set".  I do thank you for your response though.

Cyber Elite
Cyber Elite

@DaleVanPatten,

To the best of my knowledge nothing like this exists. That being said, you could make a Python script to easily accept the input and convert it to XML relatively easily. 

 

Out of curiosity, you're team is already used to reading the configuration exactly how it's inputted into XML format. XML is simply a different format of what they are already using, so switching to pure XML instead of set commands should be a relatively easy step. Any reason why you don't just do a presentation on how to properly read and write the XML configuration and force everyone over to that? This would allow you to put the configuration into a Git repository and actually send it through an approval process within Git itself. 

Appriciate your response.  I am looking into Python, but my skills there are very limited at this time.  I know the migration tool uses pan-paython to produce the set version when you choose that option.  Don't know if it performs the reverse yet.

 

I have considered your second option of just producing them in xml format so they can be imported/merged and counting on the team getting used to viewing it that way.  Will have to see about that, I'm trying to use a presentation they are used to, but get more functionality when applying it.

  • 4487 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!