Palo Alto

You must first onboard the device in the Administration module.

To export Palo Alto device configurations, compete the following steps.

Log in to the device as an administrator.
Retrieve your API key value.
1. Run this command, replacing Device_IP, User and Passwordwith your data: https://Device_IP/esp/restapi.esp?type=keygen&user=User&password=Password
https://192.168.20.251/esp/restapi.esp?type=keygen&user=admin&password=paloalto
1. The value between <key> and </key> is your API key value. Save this value.
Access this URL, replacing IP_ADDRESS:PORT and API_KEY with your data:

https://IP_ADDRESS:PORT/

api/?type=config&action=show&xpath=/config&type=op&cmd=%3Cshow%3E%3Crouting%3E%3Croute%3E%3C%2Froute%3E%3C%2Frouting%3E%3C%2Fshow%3E&key=API_KEY

Save the page as a .txt only document with the file name: route.txt.
Access this URL, replacing Device_IPorHostname and API_KEY with your data: https:// Device_IPorHostname/api/?type=config&action=show&key=API_KEY
Save the page as an .xml only document with the file name: running.xml
Access this URL, replacing Device_IPorHostname and API_KEY with your data: https://Device_IPorHostname/api/?type=config&action=get&key=API_KEY&xpath=/config
Save the page as an .xml only document with the file name: candidate.xml
In both the running.xml and candidate.xml files, some elements will need to be removed. This will leave both .xml files starting and ending with <config> <\config>
1. Delete the <response status="success"> and <result> elements from the top of the documents.
2. Delete the </result> and </response> closing elements from the end of the documents.

Example from top of .xml file. Deleted text in red.

<response status="success"><result><config version="5.0.0" urldb="brightcloud">
<mgt-config>
<users>
<entry name="admin">

Example from bottom of .xml file. Deleted text in red.

</log-settings>
</entry>
</vsys>
</entry>
</devices>
</config></result></response>