It is often necessary to have the configured policies, routes, and interfaces in a spreadsheet that can be shared with the design team, the audit team, or used for other purposes. The method below gets the Palo Alto configuration into a spreadsheet whenever you need it and provides insights into Palo Alto best practices. Here you go:

1. First of all, log in to your Palo Alto firewall, navigate to Device > Setup > Operations, and click Export Named Configuration Snapshot:

2. From the pop-up menu select running-config.xml, and click OK. Save the file to the desired location.

3. To export the Security Policies into a spreadsheet, follow these steps:

a.  Make a copy of running-config.xml and rename it policies.xml. We will use more copies of running-config.xml for other operations later.
b.  Open policies.xml in an editor such as Notepad++, WordPad, or EditPad Lite. Avoid plain Notepad. If you don’t have Notepad++ or EditPad Lite, use WordPad (built into Windows).
c.  Search for the keyword <security>, including the < and > characters:

d.  Delete all the text before the tag <security>
e.  Search for the keyword </security>, including the < and > characters:

f.  Delete all the text after the tag </security>
g.  Now do a find and replace for the keyword <member>, replacing <member> with blank (nothing).

h.  Similarly, do a find and replace for the keyword </member>, replacing </member> with blank (nothing).

i.  Save the file and close it.
j.  Open a new Excel spreadsheet and, on the menu bar, click DATA > From Other Sources > From XML Data import.

k.  From the pop-up window, browse and select the policies.xml file. Click on Open, then click OK and then again click OK.

l.  There you go, you have all your policies in a spreadsheet.
m. If you see alignment issues in the cells, press Ctrl+H (find and replace) and replace “ “ (space) with blank (nothing).

n. You will see your policies in a well-formatted table.

4. To export Address Objects, create a copy of running-config.xml and save it as address.xml.

a. Open address.xml, search for the tag <address>, and delete all the text before this tag.
b. Similarly, search for </address> and delete all the text after this tag.
c. Save it and repeat steps j, k, l from the Policies section.

5. To export Address-Groups, create a copy of running-config.xml and save it as address-group.xml.

a. Open address-group.xml, search for the tag <address-group>, and delete all the text before this tag.
b. Similarly, search for </address-group> and delete all the text after this tag.
c. Save it and repeat steps j, k, l from the Policies section.

6. To export PBF policies, create a copy of running-config.xml and save it as pbf.xml.

a. Open pbf.xml, search for the tag <pbf>, and delete all the text before this tag.
b. Similarly, search for </pbf> and delete all the text after this tag.
c. Save it and repeat steps j, k, l from the Policies section.

7. To export interfaces, create a copy of running-config.xml and save it as interfaces.xml.

a. Open interfaces.xml, search for the tag <interface>, and delete all the text before this tag.
b. Similarly, search for </interface> and delete all the text after this tag.
c. Save it and repeat steps j, k, l from the Policies section.

8. To export Zones, create a copy of running-config.xml and save it as zones.xml.

a. Open zones.xml, search for the tag <zone>, and delete all the text before this tag.
b. Similarly, search for </zone> and delete all the text after this tag.
c. Save it and repeat steps j, k, l from the Policies section.
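
The manual trim-and-import steps above can also be scripted. The following is an added example, not part of the original article or any Palo Alto tooling: it pulls one section out of the exported XML and flattens each entry into a CSV row, joining multiple <member> values into a single cell. The function names and the sample configuration are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS running-config.xml (not a real export).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <address><entry name="web-srv"><ip-netmask>10.0.0.10/32</ip-netmask></entry></address>
  <rulebase><security><rules>
    <entry name="allow-web">
      <from><member>untrust</member></from>
      <to><member>dmz</member></to>
      <source><member>any</member></source>
      <destination><member>web-srv</member></destination>
      <application><member>web-browsing</member><member>ssl</member></application>
      <service><member>application-default</member></service>
      <action>allow</action>
    </entry>
    <entry name="deny-all">
      <from><member>any</member></from>
      <to><member>any</member></to>
      <action>deny</action>
      <log-end>yes</log-end>
    </entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def flatten_section(xml_text, section):
    """One dict per <entry> under each <section> element, e.g. 'security' or 'address'."""
    rows = []
    for sec in ET.fromstring(xml_text).iter(section):
        # Security and PBF rules sit under <rules>; objects are direct children.
        for entry in sec.findall("rules/entry") or sec.findall("entry"):
            row = {"name": entry.get("name", "")}
            for child in entry:
                # Join <member> values (or plain text) into a single cell.
                row[child.tag] = ";".join(t.strip() for t in child.itertext() if t.strip())
            rows.append(row)
    return rows

def to_csv(rows):
    """CSV text whose columns are the union of row keys, in first-seen order."""
    columns = list(dict.fromkeys(key for row in rows for key in row))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, restval="", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

To use it on a real export, pass the contents of running-config.xml and a section name, for example `to_csv(flatten_section(xml_text, "security"))`, and write the result to a .csv file. Only the selected section reaches the CSV, so material elsewhere in running-config.xml, such as administrator password hashes, stays out of the shared spreadsheet.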

Rohit Singla is a Security Consultant. He has been working with Palo Alto Network firewalls for about seven years.