Policy report for PCI

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
breedend
L1 Bithead

Policy report for PCI

For PCI compliance, I need to submit poof of our firewall policy (we use a PA3020).  Is there a standard report that I can run that summarizes our Policies, or is there a way to export the policies to a PDF or spreadsheet?  On our old ASA I could simply do an export to HTML or spreadsheet which I could attach to my report.

Thanks in advance.

David

Tags (2)
HULK
L7 Applicator

Hello David,

PAN does not have an option at this point of time to export policies to a CSV or PDF reports. There is a feature request has been submitted for the same. See below FR details:

Export security policies as CSV or PDF format

Customer wants to check security policies by hard/soft copy more visually as csv or pdf format. Current xml-base or set-base configuration list is difficult to see/check, especially if there are a lot of entries.

Priority: Low
FR ID: 842


As a workaround, you can collect the "set" command from the CLI:


admin@PAN> set cli config-output-format set

admin@PAN# edit rulebase security

[edit rulebase security]

admin@PAN# show

OR

Export the running config in a XML file and capture the required security policy config.


Hope this helps.


Thanks

MSchlenker
L0 Member

I have the same need as David:

I tried the commands suggested by HULK or our test PA-500:

Results:

xxxxxxxx@PANSQA01(active)> set cli config-output-format set
xxxxxxxx@PANSQA01(active)> edit rulebase security
Unknown command: edit
xxxxxxxx@PANSQA01(active)> show

Invalid syntax.
xxxxxxxx@PANSQA01(active)>

===============================

Any other suggestions?

jvalentine
L7 Applicator

set cli config-output-format set

configure

show

panos
L6 Presenter

You may import them to Excel and save as PDF.

Importing rulebase into Excel using XML API

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!