SRX Services Gateway

export policy rules

‎06-01-2012 12:44 AM

Hi guys,

I'm just wondering is there an "easy" way of exporting the policy rules from the junos config into an excel sheet?

 

Many thanks,

 

Paul


Re: export policy rules

‎06-01-2012 01:40 AM

Hi Paul,

 

Pretty easily. Open up PuTTY or an SSH program and set logging to on, choose a log file location and log into your box.

 

user@srx# edit security policies
user@srx# show | display xml | no-more

Open your log file up and cut from above <security> and below </security> and save it as an XML file, then just open it with Excel.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]

Re: export policy rules

‎06-01-2012 01:59 AM

Hi MMcD,

and thanks for your reply.

 

Does what you suggest actually export the "policy rules" or the logs of these rules?

 

I'm looking to do the former so we can have a concise list in Excel format of all our firewall rules corporate-wide.

 

Regards,

 

Paul

Solution
Accepted by topic author paulkil
‎08-26-2015 01:27 AM

Re: export policy rules

‎06-01-2012 02:11 AM

It exports the actual policies.  See the attached screenshot for an example

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]

Attachments


Re: export policy rules

‎06-01-2012 04:31 AM

MMcD,

I tried that and it's working beautifully.

 

Thanks so much,

 

Paul


Re: export policy rules

‎10-25-2013 05:24 AM

Hello MMcD,

 

Great post and thank you for this solution. I am however having some difficulties in getting the right view in Excel. I followed your steps and the XML file is being imported in Excel. However, when I look at policy rules with multiple source or destination addresses, it generates a separate row for every address.

 

For example: if I have 1 policy rule which allows http access from 4 different source addresses to 2 different destination addresses, it shows me about 8 different rows in Excel. In the attachment you can find an example. I would like to see 1 single row per policy rule.

 

Do you by any chance have a solution for that? To be complete, we are doing an export of a SRX240 unit.

 

Best regards,

 

Aico

 

Attachments


Re: export policy rules

‎05-09-2014 02:36 AM

Thanks MMcD,

 

I am brand new to Junosland and this was exactly what I was looking for for exporting my SRX3600 Rulebase into Excel

 

 

Thanks again,

 

Mitchell


Re: export policy rules

‎11-04-2014 06:52 AM

Having exact same problem as RAVU


Re: export policy rules

[ Edited ]
‎08-30-2017 08:34 AM

I know this is a bit outdated, but either way..

 

The easiest way to solve this is by opening up the XML sheet in Notepad++ and looking in your policies for rules with multiple sources, destinations, and applications. When you find one, copy the closing bracket for one entry all the way to the end of the opening bracket for the next one (including spaces and all). Then, use the replace tool. Set it to look for what you just copied and replace it with \n (make sure Search Mode is set to Extended).

 

Do this for all the other entries (Source, Destination, Application), save your XML, import into Excel.

 

Example of entry to copy:

 

</source-address>
                                <source-address>

Re: export policy rules

[ Edited ]
‎11-16-2017 09:10 AM

tdornin gave the right answer. Edit XML on Notepad++. Search for

</(address|application)-name>\s+</((source|destination)-address|application)>\s+<((source|destination)-address|application)>\s+<(address|application)-name>

 

and replace with

\n

 (or just a comma if preferred)

Search mode: Regular expression.

m.ar
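
An added example, not part of any post in this thread: the same one-row-per-rule result can be produced by parsing the saved XML instead of editing it by hand, joining repeated source, destination and application entries into a single cell. The sample XML is constructed and its element layout is an assumption based on the tags quoted above; `policy_rows`, `to_csv` and `SAMPLE_XML` are hypothetical names.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption based on the tags quoted
# in this thread; plain values and nested <address-name> children both appear.
SAMPLE_XML = """<security><policies><policy>
  <from-zone-name>trust</from-zone-name><to-zone-name>untrust</to-zone-name>
  <policy><name>allow-web</name><match>
    <source-address>lan-a</source-address>
    <source-address>lan-b</source-address>
    <destination-address><address-name>web-1</address-name></destination-address>
    <destination-address><address-name>web-2</address-name></destination-address>
    <application>junos-http</application>
  </match><then><permit/></then></policy>
</policy></policies></security>"""

MATCH_FIELDS = ["source-address", "destination-address", "application"]
COLUMNS = ["from-zone", "to-zone", "name", *MATCH_FIELDS, "action"]

def _text(el):
    # Collapses whitespace, so a value held in a nested child reads the same.
    return " ".join("".join(el.itertext()).split())

def policy_rows(xml_text, sep=", "):
    """Yield one dict per rule; repeated match elements are joined with sep."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any "{namespace}" prefix from tag names
        el.tag = el.tag.rsplit("}", 1)[-1]
    for ctx in root.iter():  # ctx is whatever element contains the rules
        for rule in ctx.findall("policy"):
            match, then = rule.find("match"), rule.find("then")
            if match is None:  # zone-pair container, not a rule
                continue
            row = {"from-zone": ctx.findtext("from-zone-name", "").strip(),
                   "to-zone": ctx.findtext("to-zone-name", "").strip(),
                   "name": rule.findtext("name", "").strip()}
            for field in MATCH_FIELDS:
                row[field] = sep.join(_text(e) for e in match.findall(field))
            row["action"] = sep.join(c.tag for c in then) if then is not None else ""
            yield row

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Pass the text cut from the session log (from `<security>` to `</security>`) to `policy_rows` and write the result of `to_csv` to a `.csv` file, which Excel opens directly. Rules found outside a zone-pair container are still listed, with the zone columns left empty.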

Re: export policy rules

‎10-03-2018 03:41 PM

Yes, "# show security policies | display xml | no-more" works well for exporting all policies; however, I have global security policies in place which inherit down to separate zones.

 

I ended up using "show groups global_security security policies | display xml | no-more" to grab the global policies. It works the same way.

 

But is there a way to get ALL policies, both global security policies and the ones specific to each zone?