Hi there - One of our community members created a blog post about this topic. I've included the high-level steps below. You can view the full blog post with screenshots here.
1. Login to your Palo Alto Firewall and navigate to Device > Setup > Operations and click on Export Named Configuration Snapshot
2. From the pop-up menu select running-config.xml, and click OK. Save the file to a desired location.
3. To export the Security Policies into a spreadsheet, please do the following steps:
- Make a copy of the running-config.xml and rename it as policies.xml. We will use more copies of running.xml for more operations later.
- Open policies.xml in an editor such as Notepad++, WordPad or EditPad Lite. Avoid normal Notepad. If you don't have Notepad++ or EditPad Lite, use WordPad (built into Windows).
- Search for a keyword <security> including the < and > character:
- Delete all the text before the tag <security>
- Search for a keyword </security> including the < and > character:
- Delete all the text after the tag </security>
- Now do a find and replace option for keyword <member>, replace <member> with blank (nothing)
- Now similarly do a find and replace option for keyword </member>, replace </member> with blank (nothing)
- Save the file and close it.
- Open a new Excel Spreadsheet and click on MenuBar DATA > From Other Sources > From XML Data import.
- From the pop-up window, browse and select the policies.xml file. Click on Open, then click OK and then again click OK. After this you'll have all your policies in a spreadsheet. If you see some alignment issues in the cells, quickly press Ctrl+H (find and replace operation), and replace “ “ (space) with blank (nothing). Then you will see your policies in an excellent and formatted table.
4. To export Address Objects, create a copy of running-config.xml and save it as address.xml.
- Open interfaces.xml and search for tag <address> and delete all the text before
- Similarly search for </address> delete all the text after this tag.
- Save it and repeat steps j,k,l from Policies section.
5. To export Address-Groups, create a copy of running-config.xml and save it as address-group.xml.
- Open interfaces.xml and search for tag <address-group> and delete all the text before this tag.
- Similarly search for </address-group> delete all the text after this tag.
- Save it and repeat steps j,k,l from Policies section.
6. To export PBF policies, create a copy of running-config.xml and save it as pbf.xml.
- Open interfaces.xml and search for tag <pbf> and delete all the text before this tag.
- Similarly search for </pbf> delete all the text after this tag.
- Save it and repeat steps j,k,l from Policies section.
7. To export interfaces, create a copy of running-config.xml and save it as interfaces.xml.
- Open interfaces.xml and search for tag <interface> and delete all the text before this tag.
- Similarly search for </interface> delete all the text after this tag.
- Save it and repeat steps j,k,l from Policies section.
8. To export Zones, create a copy of running-config.xml and save it as zones.xml.
- Open interfaces.xml and search for tag <zone> and delete all the text before this tag
- Similarly search for </zone> delete all the text after this tag
- Save it and repeat steps j,k,l from Policies section.
Hope that helps!
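The security-policy export in step 3 can also be done by parsing the XML instead of hand-editing it. The Python below is an added example, not code from the post or the linked blog; the sample config is constructed, and the `rulebase/security/rules` path and the column list are assumptions about the layout of the exported file.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a PAN-OS running-config.xml (not a real export).
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><security><rules>
  <entry name="allow-web">
    <from><member>trust</member></from><to><member>untrust</member></to>
    <source><member>10.0.0.0/24</member><member>10.0.1.0/24</member></source>
    <destination><member>any</member></destination>
    <application><member>web-browsing</member><member>ssl</member></application>
    <service><member>application-default</member></service><action>allow</action>
  </entry>
  <entry name="deny-all">
    <from><member>any</member></from><to><member>any</member></to>
    <source><member>any</member></source><destination><member>any</member></destination>
    <application><member>any</member></application><service><member>any</member></service>
    <action>deny</action><disabled>yes</disabled>
  </entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

# Assumed column set; extend it with other rule children as needed.
COLUMNS = ["from", "to", "source", "destination", "application", "service", "action", "disabled"]

def field(rule, tag):
    """Join <member> children with ';', else use the element's own text."""
    node = rule.find(tag)
    if node is None:
        return ""
    members = [m.text.strip() for m in node.findall("member") if m.text]
    return ";".join(members) if members else (node.text or "").strip()

def security_rules(xml_text):
    """Return one dict per security rule, in rulebase order."""
    root = ET.fromstring(xml_text)
    return [{"name": rule.get("name", ""), **{c: field(rule, c) for c in COLUMNS}}
            for rule in root.iterfind(".//rulebase/security/rules/entry")]

def to_csv(rows):
    """Render the rule dicts as CSV text that a spreadsheet can open."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["name"] + COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(security_rules(SAMPLE_CONFIG)))
```

Because only the rule entries are read, the resulting CSV holds the policy table and nothing else from running-config.xml, and the order of the rows matches rule evaluation order.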
slightly off topic, but I find changing the CLI config output extremely helpful, in case anyone is interested:
set cli config-output-format set