Policy report for PCI

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Policy report for PCI

L1 Bithead

For PCI compliance, I need to submit poof of our firewall policy (we use a PA3020).  Is there a standard report that I can run that summarizes our Policies, or is there a way to export the policies to a PDF or spreadsheet?  On our old ASA I could simply do an export to HTML or spreadsheet which I could attach to my report.

Thanks in advance.



L7 Applicator

Hello David,

PAN does not have an option at this point of time to export policies to a CSV or PDF reports. There is a feature request has been submitted for the same. See below FR details:

Export security policies as CSV or PDF format

Customer wants to check security policies by hard/soft copy more visually as csv or pdf format. Current xml-base or set-base configuration list is difficult to see/check, especially if there are a lot of entries.

Priority: Low
FR ID: 842

As a workaround, you can collect the "set" command from the CLI:

admin@PAN> set cli config-output-format set

admin@PAN# edit rulebase security

[edit rulebase security]

admin@PAN# show


Export the running config in a XML file and capture the required security policy config.

Hope this helps.


I have the same need as David:

I tried the commands suggested by HULK or our test PA-500:


xxxxxxxx@PANSQA01(active)> set cli config-output-format set
xxxxxxxx@PANSQA01(active)> edit rulebase security
Unknown command: edit
xxxxxxxx@PANSQA01(active)> show

Invalid syntax.


Any other suggestions?

set cli config-output-format set



L6 Presenter

You may import them to Excel and save as PDF.

Importing rulebase into Excel using XML API

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!