SRX Services Gateway
SRX Services Gateway

export policy rules

06.01.12   |  
‎06-01-2012 12:44 AM

Hi guys,

I'm just wondering is there an "easy" way of exporting the policy rules from the junos config into an excel sheet?

 

Many thanks,

 

Paul

8 REPLIES
SRX Services Gateway

Re: export policy rules

06.01.12   |  
‎06-01-2012 01:40 AM

Hi Paul,

 

Pretty easily.  If you open up Putty or an SSH program and set logging to on, choose a log file location and log into your box.

 

user@srx#edit security policies
user@srx#show | display xml | no-more

 Open your log file up and cut from above <security> and below </security> and save it as an xml file, then just open with excel.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
SRX Services Gateway

Re: export policy rules

06.01.12   |  
‎06-01-2012 01:59 AM

Hi MMcD,

and thanks for your reply.

 

Does what you suggest actually export the "policy rules" or the logs of these rules?

 

I'm looking to do the former so we can have a consice list in excel format of all our firewall rules corporatre wide.

 

Regards,

 

Paul

Highlighted
SRX Services Gateway

Re: export policy rules

06.01.12   |  
‎06-01-2012 02:11 AM

It exports the actual policies.  See the attached screenshot for an example

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]

Attachments

SRX Services Gateway

Re: export policy rules

06.01.12   |  
‎06-01-2012 04:31 AM

MMcD,

I tried that and it's working beautifully.

 

Thanks so much,

 

Paul

SRX Services Gateway

Re: export policy rules

10.25.13   |  
‎10-25-2013 05:24 AM

Hello MMcD,

 

Great post and thank you for this solution. I am however having some difficulties in getting the right view in Excel. I followed your steps and the XML file is being imported in Excel. However when I look at policy rules with multiple source or destination adresses it generates a separate row for every address.

 

For example: If I have 1 policy rule which allows http access from 4 different source addresses to 2 different destination adresses it shows me about 8 different rows in Excel. In the attachment you can find an example. I would like to see 1 single row per policy rule.

 

Do you by any chance have a solution for that? To be complete, we are doing an export of a SRX240 unit.

 

Best regards,

 

Aico

 

Attachments

SRX Services Gateway

Re: export policy rules

05.09.14   |  
‎05-09-2014 02:36 AM

Thanks MMcD,

 

I am brand new to Junosland and this was exactly what I was looking for for exporting my SRX3600 Rulebase into Excel

 

 

Thanks again,

 

Mitchell

SRX Services Gateway

Re: export policy rules

11.04.14   |  
‎11-04-2014 06:52 AM

Having exact same problem as RAVU

SRX Services Gateway

Re: export policy rules

[ Edited ]
08.30.17   |  
‎08-30-2017 08:34 AM

I know this is a bit outdated, but either way..

 

The easiest way to solve this is by opening up the XML sheet in Notepad++ and look in your policies for rules with multiple sources, destinations, and applications. When you find one, copy the closing bracket for one entry all the way to the end of the opening bracket for the next one (including spaces and all). Then, use the replace tool. Set it to look for what you just copied and replace it with \n (make sure Search Mode is set to Extended).

 

Do this for all the other entries (Source, Destination, Application), save your XML, import into Excel.

 

Example of entry to copy:

 

</source-address>
                                <source-address>