How to Export Palo Alto Networks Firewall Configuration to a Spreadsheet
Rohit Singla describes how to export Palo Alto configurations into a spreadsheet. Read more …
Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.
The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog
Sometimes it becomes very important and necessary to have the configured policies, routes, and interfaces in a spreadsheet to be shared with the Design Team, the Audit team and for some other purposes. The below method can help in getting thePalo Alto Configuration in a spreadsheet as and when you require and provides insights into Palo Alto best practices. Here you go:
1. First of all, login to your Palo Alto Firewall and navigate to Device > Setup > Operations and click on Export Named Configuration Snapshot:
2. From the pop-up menu select running-config.xml, and click OK. Save the file to the desired location.
3. To export the Security Policies into a spreadsheet, please do the following steps:
a. Make a copy of the running-config.xml and rename it as policies.xml. We will use more copies of running.xml for more operations later.
b. Open the policies.xml in a notepad++, wordpad, editpadlite kind of editor. Avoid normal notepad. If you don’t have notepad++ or editpadlite, use wordpad (inbuilt in your windows).
c. Search for a keyword <security> including the < and > character:
d. Delete all the text before the tag <security>
e. Search for a keyword </security> including the < and > character:
f. Delete all the text after the tag </security>
g. Now do a find and replace option for keyword <member>, replace <member> with blank (nothing)
h. Now similarly do a find and replace option for keyword </member>, replace
</member> with blank (nothing)
i. Save the file and close it.
j. Open a new Excel Spreadsheet and click on MenuBar DATA > From Other Sources > From XML Data import.
k. From the pop-up window, browse and select the policies.xml file. Click on Open, then click OK and then again click OK.
l. There you go, you have all your policies in a spreadsheet.
m. If you see some alignment issue in the cells, quickly press Ctrl+h (find and replace operation), and replace “ “ (space) with blank(nothing) as below:
n. You will see your policies in an excellent and formatted table.
4. To export AddressObjects , create a copy of running-config.xml and save it as address.xml.
a. Open interfaces.xml and search for tag <address> and delete all the text before this tag.
b. Similarly search for </address> delete all the text after this tag.
c. Save it and repeat steps j,k,l from Policies section.
5. To export Address-Groups, create a copy of running-config.xml and save it as address-group.xml.
a. Open interfaces.xml and search for tag <address-group> and delete all the text before this tag.
b. Similarly search for </address-group> delete all the text after this tag.
c. Save it and repeat steps j,k,l from Policies section.
6. To export PBF policies, create a copy of running-config.xml and save it as pbf.xml.
a. Open interfaces.xml and search for tag <pbf> and delete all the text before this tag.
b. Similarly search for </pbf> delete all the text after this tag.
c. Save it and repeat steps j,k,l from Policies section.
7. To export interfaces, create a copy of running-config.xml and save it as interfaces.xml.
a. Open interfaces.xml and search for tag <interface> and delete all the text before this tag.
b. Similarly search for </interface> delete all the text after this tag.
c. Save it and repeat steps j,k,l from Policies section.
8. To export Zones, create a copy of running-config.xml and save it as zones.xml.
a. Open interfaces.xml and search for tag <zone> and delete all the text before this tag.
b. Similarly search for </zone> delete all the text after this tag.
c. Save it and repeat steps j,k,l from Policies section.
Check out our top support for Palo Alto Network NGFW. We have automated the world’s best practices to prevent costly disruptions. We can automatically diagnose commonly found problems and recommend fixes. Take a look at this example of how we ensure continuous log collection for your firewall.
Rohit Singla is a Security Consultant. He has been working with Palo Alto Network firewalls for about seven years. If you want to contribute as well, click here.
Related content
Route traffic intelligently with DNS-based GSLB for BlueCat Edge
Discover how DNS-based GSLB with BlueCat Edge empowers networking teams to control traffic steering, reduce costs, and improve resilience.
Webinar Making APIs Work for You (Part 5)
Welcome to Part 5 of Making APIs Work for You. Our community specialist, Vivek Mistry, is your guide, and today, Vivek will focus on user security…
Exciting product update: Introducing BlueCat Integrity X
Introducing BlueCat Integrity X, a single platform for complete visibility and control over critical network services.
Article What is protective DNS (PDNS) and why is PDNS important?
Discover what protective DNS is, how it prevents cyber threats like phishing and malware, and why it’s essential for modern enterprise network security.