How to Export PANW Firewall Configurations to a spreadsheet?


#1

We want to hear your thoughts!


#2

Hi there - One of our community members created a blog post about this topic. I've included the high level steps below. You can view the full blog post with screen shots here.


++


1. Login to your Palo Alto Firewall and navigate to Device > Setup > Operations and click on Export Named Configuration Snapshot


2. From the pop-up menu select running-config.xml, and click OK. Save the file to a desired location.


3. To export the Security Policies into a spreadsheet, please do the following steps:

  • Make a copy of the running-config.xml and rename it as policies.xml. We will use more copies of running.xml for more operations later.
  • Open the policies.xml in a notepad++, wordpad, editpadlite kind of editor. Avoid normal notepad. If you don’t have notepad++ or editpadlite, use wordpad (inbuilt in your windows).
  • Search for a keyword <security> including the < and > character:
  • Delete all the text before the tag <security>
  • Search for a keyword </security> including the < and > character:
  • Delete all the text after the tag </security>
  • Now do a find and replace option for keyword <member>, replace <member> with blank (nothing)
  • Now similarly do a find and replace option for keyword </member>, replace </member> with blank (nothing)
  • Save the file and close it.
  • Open a new Excel Spreadsheet and click on MenuBar DATA > From Other Sources > From XML Data import.
  • From the pop up window, browse and select the policies.xml file. Click on Open, then click OK and then again click OK. After this you'll have all your policies in a spreadsheet. If you see some alignment issue in the cells, quickly press Ctrl+h (find and replace operation), and replace “ “ (space) with blank(nothing). Then you will see your policies in an excellent and formatted table.


4. To export AddressObjects , create a copy of running-config.xml and save it as address.xml.

  • Open interfaces.xml and search for tag <address> and delete all the text before
  • Similarly search for </address> delete all the text after this tag.c. Save it and repeat steps j,k,l from Policies section.


5. To export Address-Groups, create a copy of running-config.xml and save it as address-group.xml.

  • Open interfaces.xml and search for tag <address-group> and delete all the text before this tag.
  • Similarly search for </address-group> delete all the text after this tag.
  • Save it and repeat steps j,k,l from Policies section.


6. To export PBF policies, create a copy of running-config.xml and save it as pbf.xml.

  • Open interfaces.xml and search for tag <pbf> and delete all the text before this tag.
  • Similarly search for </pbf> delete all the text after this tag.
  • Save it and repeat steps j,k,l from Policies section.


7. To export interfaces, create a copy of running-config.xml and save it as interfaces.xml.

  • Open interfaces.xml and search for tag <interface> and delete all the text before this tag.
  • Similarly search for </interface> delete all the text after this tag.
  • Save it and repeat steps j,k,l from Policies section.


8. To export Zones, create a copy of running-config.xml and save it as zones.xml.

  • Open interfaces.xml and search for tag <zone> and delete all the text before this tag
  • Similarly search for </zone> delete all the text after this tag
  • Save it and repeat steps j,k,l from Policies section.


Hope that helps!



#3

slightly off topic, but I find changing the CLI config output extremely helpful, in case anyone is interested:


set cli config-output-format set