Policy report for PCI

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L1 Bithead

Policy report for PCI

For PCI compliance, I need to submit poof of our firewall policy (we use a PA3020).  Is there a standard report that I can run that summarizes our Policies, or is there a way to export the policies to a PDF or spreadsheet?  On our old ASA I could simply do an export to HTML or spreadsheet which I could attach to my report.

Thanks in advance.

David

Tags (2)
Highlighted
L7 Applicator

Hello David,

PAN does not have an option at this point of time to export policies to a CSV or PDF reports. There is a feature request has been submitted for the same. See below FR details:

Export security policies as CSV or PDF format

Customer wants to check security policies by hard/soft copy more visually as csv or pdf format. Current xml-base or set-base configuration list is difficult to see/check, especially if there are a lot of entries.

Priority: Low
FR ID: 842


As a workaround, you can collect the "set" command from the CLI:


admin@PAN> set cli config-output-format set

admin@PAN# edit rulebase security

[edit rulebase security]

admin@PAN# show

OR

Export the running config in a XML file and capture the required security policy config.


Hope this helps.


Thanks

Highlighted
L0 Member

I have the same need as David:

I tried the commands suggested by HULK or our test PA-500:

Results:

xxxxxxxx@PANSQA01(active)> set cli config-output-format set
xxxxxxxx@PANSQA01(active)> edit rulebase security
Unknown command: edit
xxxxxxxx@PANSQA01(active)> show

Invalid syntax.
xxxxxxxx@PANSQA01(active)>

===============================

Any other suggestions?

Highlighted
L7 Applicator

set cli config-output-format set

configure

show

Highlighted
L6 Presenter

You may import them to Excel and save as PDF.

Importing rulebase into Excel using XML API

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!