Im fairly sure its no way to convert the old configs to ansible playbooks. I dont really know how your policys look like and how many policys you are creating each day, but the thought of creating individuals policy in a playbook dont really sounds like something you would do in a the long run. Look at this example for a policy, https://github.com/PaloAltoNetworks/ansible-playbooks/blob/master/fw_rules.yml Imagine just sorting out the application/service/hostname/hostgroup/tag without being able to browse the one that are already defined? I guess panorama has its problem but i rebuilding one sounds messy. I dont know how your enviorment looks like, but i use ansible to create for example network interface, there you can also sync so it does config for switches, dns etc at the same time. I have also done playbooks that load a list of policy from a report in (exported from panorama of unused rules for x amount of time) and disable them, i also have a playbook for software upgrades. Here are some inspiration https://github.com/PaloAltoNetworks/ansible-playbooks
... View more