Rule Viewer


L0 Member

Hi folks,

 

I was wondering if there was some kind of rule viewer, that can render the rules in a table from the exported files.

 

Why I need this: Our managed service provider sends us an export of the firewall rules every month and we have to review them every 6 months. Since we don't have a Palo Alto ourselves this is very tedious.

 

I have tried Excel but it's not really optimal. Furthermore the format changes from XLS to XML every month depending on who is doing the export.

 

Cheers,

Johannes.

5 REPLIES 5

L4 Transporter

Have a look at the "Best Practice Assessment", they should be able to provide this.

Cyber Elite

@JayArr,

So to answer your question directly, nothing prebuilt for this sort of thing exists to the best of my knowledge. I personally would recommend that they provide you the XML file or XLS file in a consistent file format; you pay them to do a job, so pick the one you find easiest and force them to deliver in that method.

Some things to think about:

A VM series firewall is fairly cheap, and would allow you to import the rulebase and verify in the GUI for a minimal expense. You could even do this with a per-hour VM on AWS or Azure and only use it for policy review. The time saved would vastly outweigh the cost of running the VM for a few hours. 

Ask them to provide a tech support file instead, and then feed this file into the BPA tool available on the support portal. This will do a few things for you. First and foremost it will do a best practices assessment for you, which sounds like it may take care of the review that you are doing manually now. Second, it provides you everything you would need to see the status of the rulebase and the device in one simple snapshot.

L5 Sessionator

Hi @JayArr

 

If you're on PAN-OS 8.1 you're able to export the rulebase to either a CSV or PDF, however, this is done on the firewall directly and not via the exported configuration file.

 

https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/firewall-administration/use-the-web-...

 

If I were doing it myself and had to go off an XML config file, I'd probably use the Best Practice Assessment Tool as @RobinClayton suggested.

 

Thanks,

Luke.

 

 

 

L0 Member

Hey guys,

 

thanks for your answers.

 

I'm certainly not going to buy a virtual firewall just to see the rules lol.

 

The BPA tool seems worth a shot; however, it is also only downloadable with a valid support account. I'm going to ask our service provider if they can download it for us.

 

The thing is here that we have to comply with a lot of certifications and they all require us to review firewall rulesets even if it is managed by a service provider. Since we do not own Palo Alto firewalls we have to find some alternative because, frankly, viewing these rules in Excel drives you insane.

 

Thanks again guys, and Cheers,

Johannes.

The BPA is a tool that you run the Tech Support file through. It then outputs a multi-part HTML document that includes all your rules in tabular format with their important settings including the AV/Malware profiles and more or less everything else.

 

It will give you lots of recommendations on things that can be improved on all aspects of the FW.

 

Your service provider should have access to it if you can't get it from your support login.

 

Rob
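
For the XML months, the export can also be flattened into one CSV row per rule without a firewall or support account. This is an added example, not part of the thread or any Palo Alto tool; it assumes the file is a single-firewall PAN-OS configuration export with security rules under `vsys/entry/rulebase/security/rules`, and the sample XML, column names and `review_flag` check are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample; assumes the layout of a PAN-OS firewall config export.
SAMPLE_XML = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><security><rules>
  <entry name="web-out">
    <from><member>trust</member></from><to><member>untrust</member></to>
    <source><member>10.0.0.0/24</member></source><destination><member>any</member></destination>
    <application><member>ssl</member><member>web-browsing</member></application>
    <service><member>application-default</member></service><action>allow</action>
  </entry>
  <entry name="temp-migration">
    <from><member>any</member></from><to><member>any</member></to>
    <source><member>any</member></source><destination><member>any</member></destination>
    <application><member>any</member></application>
    <service><member>any</member></service><action>allow</action>
    <disabled>yes</disabled>
  </entry>
</rules></security></rulebase></entry></vsys></entry></devices></config>"""

LIST_FIELDS = ["from", "to", "source", "destination", "application", "service"]
COLUMNS = ["vsys", "rule"] + LIST_FIELDS + ["action", "disabled", "review_flag"]

def rules_table(xml_text):
    """Return one dict per security rule, in rulebase (evaluation) order."""
    root = ET.fromstring(xml_text)
    rows = []
    for vsys in root.iterfind(".//vsys/entry"):
        for rule in vsys.iterfind("rulebase/security/rules/entry"):
            row = {"vsys": vsys.get("name"), "rule": rule.get("name")}
            for field in LIST_FIELDS:
                # Multi-valued fields are <member> lists; join them into one cell.
                members = [m.text for m in rule.iterfind(f"{field}/member")]
                row[field] = ";".join(members)
            row["action"] = rule.findtext("action", default="")
            row["disabled"] = rule.findtext("disabled", default="no")
            wide = all(row[f] == "any" for f in ("source", "destination", "application"))
            row["review_flag"] = "any-any-allow" if wide and row["action"] == "allow" else ""
            rows.append(row)
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Call `to_csv(rules_table(open(path).read()))` on the provider's file to get the table. Because the file comes from a third party, parsing it with `defusedxml.ElementTree` instead of the standard-library parser is the safer choice.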
