SRX

Hi guys,

I'm just wondering is there an "easy" way of exporting the policy rules from the junos config into an excel sheet?

Many thanks,

Paul

Hi Paul,

Pretty easily.  If you open up Putty or an SSH program and set logging to on, choose a log file location and log into your box.

user@srx#edit security policies
user@srx#show | display xml | no-more

 Open your log file up and cut from above <security> and below </security> and save it as an xml file, then just open with excel.

Hi MMcD,

and thanks for your reply.

Does what you suggest actually export the "policy rules" or the logs of these rules?

I'm looking to do the former so we can have a consice list in excel format of all our firewall rules corporatre wide.

Regards,

Paul

It exports the actual policies.  See the attached screenshot for an example

MMcD,

I tried that and it's working beautifully.

Thanks so much,

Paul

Hello MMcD,

Great post and thank you for this solution. I am however having some difficulties in getting the right view in Excel. I followed your steps and the XML file is being imported in Excel. However when I look at policy rules with multiple source or destination adresses it generates a separate row for every address.

For example: If I have 1 policy rule which allows http access from 4 different source addresses to 2 different destination adresses it shows me about 8 different rows in Excel. In the attachment you can find an example. I would like to see 1 single row per policy rule.

Do you by any chance have a solution for that? To be complete, we are doing an export of a SRX240 unit.

Best regards,

Aico

Having exact same problem as RAVU

I know this is a bit outdated, but either way..

The easiest way to solve this is by opening up the XML sheet in Notepad++ and look in your policies for rules with multiple sources, destinations, and applications. When you find one, copy the closing bracket for one entry all the way to the end of the opening bracket for the next one (including spaces and all). Then, use the replace tool. Set it to look for what you just copied and replace it with \n (make sure Search Mode is set to Extended).

Do this for all the other entries (Source, Destination, Application), save your XML, import into Excel.

Example of entry to copy:

</source-address>
                                <source-address>

tdornin gave the right answer. Edit XML on Notepad++. Search for

</(address|application)-name>\s+</((source|destination)-address|application)>\s+<((source|destination)-address|application)>\s+<(address|application)-name>

and replace with

\n

 (or just a comma if preferred)

Search mode: Regular expression.

Thanks MMcD,

I am brand new to Junosland and this was exactly what I was looking for for exporting my SRX3600 Rulebase into Excel

Thanks again,

Mitchell

yes, " # show security policies | display xml | no-more" works well for exporting all policies, however, I have global security policies in place which inherit down to separate zones. 

I ended up using "show groups global_security security policies | display xml | no-more" to grab the global policies. It works the same way.

But is there a way to get ALL policies, both global security policies and the ones specificed to each zone ?