All rules are exported by default, you can filter with parameter -Name, -Inbound, -Outbound, -Enabled, -Disabled, -Allow and -Block. Could you please explain how to export the access control policy into excel sheet in step by step with python script ? You can also remove isSystemDefined (whose default is false) and dnsResolution (which is relevant for an FQDN object only). "actions" : [ Version Requirement: To use configuration import/export, you must be running the threat The following example imports the configuration file named import-1.txt: Use GET /jobs/configimportstatus to check the status of the import job. // -->, Export firewall rules into excel spreadsheet. document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() ); SASE, ma che cosa significa veramente questo bellissimo acronimo??? This is the default. LITHIUM.DropDownMenuVisibilityHandler({"selectors":{"menuSelector":"#actionMenuDropDown_2","menuItemsSelector":".lia-menu-dropdown-items"}}); "}); "event" : "MessagesWidgetMessageEdit", }, For example, you can use configuration import/export "action" : "rerender" }); }, } "action" : "rerender" "context" : "lia-deleted-state", { { You need to specify the data attributes that are required when putting an object, except All ports allowed6. 04-22-2020 "event" : "MessagesWidgetCommentForm", $search.addClass('is--open'); Note that the id for all files is default. object from the export file when you create the template for the new device, or you will overwrite the management addressing }, "eventActions" : [ "parameters" : { We also use third-party cookies that help us analyze and understand how you use this website. for rule in response.json()[items]: Is there an API or a way to export firewall rules into an excel spreadsheet. threat } })(LITHIUM.jQuery); // Pull in global jQuery reference configuration into new devices, then use the device You can write objects on one line or on multiple lines, but do not put empty lines or comment lines between the attributes "context" : "", Are you sure you want to proceed? Thanks in Advance, You can find all the script here: https://github.com/rnwolfe/fmc-tools, Your email address will not be published. "}); Note that the full export includes the ManagementIP object (type=managementip); "context" : "", }, If you need to reset the device configuration prior to import, you can go to the device Thus, you can use an export file to create a template that you can deploy to other devices in your network. They are even used to track firewall rules and firewall changes in companies that havent yet bought a firewall management solution like Security Manager. 12:49 AM. } "forceSearchRequestParameterForBlurbBuilder" : "false", { LITHIUM.AjaxSupport.useTickets = false; "actions" : [ You might also need to specify index for these objects. }, LITHIUM.Link({"linkSelector":"a.lia-link-ticket-post-action"}); { The import/export process starts with exporting the configuration from a locally-managed device. All 1 to 1 NAT rules 3. "actions" : [ "kudosable" : "true", These cookies do not store any personal information. "action" : "rerender" and the action you are taking. { "initiatorDataMatcher" : "data-lia-message-uid" LITHIUM.InlineMessageReplyEditor({"openEditsSelector":".lia-inline-message-edit","ajaxFeebackSelector":"#inlinemessagereplyeditor_0 .lia-inline-ajax-feedback","collapseEvent":"LITHIUM:collapseInlineMessageEditor","confimationText":"You have other message editors open and your data inside of them might be lost. "disableKudosForAnonUser" : "false", Export - FirePOWER Policies Go to solution Fantas Beginner Options 04-21-2020 02:08 PM Hi, Can we export policies from FMC in pdf or csv format for audit purpose. }, "event" : "QuickReply", This config should work with 6.2.3 and prior, and it should also now support the new syslog format for FTD 6.3. explain each step. "initiatorDataMatcher" : "" The first object in the file must be a metadata object. { "disableLinks" : "false", LITHIUM.AjaxSupport({"ajaxOptionsParam":{"event":"LITHIUM:lazyLoadScripts"},"tokenId":"ajax","elementSelector":"#inlineMessageReplyContainer","action":"lazyLoadScripts","feedbackSelector":"#inlineMessageReplyContainer","url":"https://community.meraki.com/t5/forums/v5/forumtopicpage.inlinemessagereplycontainer:lazyloadscripts?t:ac=board-id/security/message-id/14315/thread-id/14315&t:cp=messages/contributions/messageeditorscontributionpage","ajaxErrorEventName":"LITHIUM:ajaxError","token":"adFTAc7V_rRi9vDv3LfEH64pJwI7G76f9d0QSAg7ZbM. "event" : "MessagesWidgetCommentForm", ] the name attribute of the data attributes. A tip for this step is to map the fixed fields like rule_id, name, enabled and to manage all other fields as exception. "actions" : [ } "truncateBody" : "true", ], }, "event" : "MessagesWidgetMessageEdit", "event" : "MessagesWidgetEditCommentForm", "actions" : [ { LITHIUM.AjaxSupport.ComponentEvents.set({ }, "context" : "envParam:quiltName", "includeRepliesModerationState" : "true", "context" : "", All 1 to 1 NAT rules3. "event" : "MessagesWidgetCommentForm", "actions" : [ "action" : "rerender" "event" : "ProductAnswerComment", You can export the configuration from a device managed with the device "kudosable" : "true", it more rapidly into your network. parentName(If needed.) '; zip or text files. } } } ] attribute only if the import file includes items that you do not want to import (that is, you decided to not delete them from "actions" : [ "context" : "", Export the configuration of the FortiGate, by the backup or command line (FortiGate configuration file: 'Fortinet_2019121.conf'). "event" : "addThreadUserEmailSubscription", { LITHIUM.lazyLoadComponent({"selectors":{"elementSelector":"#inlinemessagereplyeditor_0"},"events":{"lazyLoadComponentEvent":"LITHIUM:lazyLoadComponent"},"misc":{"isLazyLoadEnabled":true}}); }, "linkDisabled" : "false" { { { "selector" : "#kudosButtonV2", LITHIUM.AjaxSupport.ComponentEvents.set({ value from the response body to your POST /action/configimport call. "actions" : [ "event" : "kudoEntity", ] { No problem, you are in the right place! manager and import it into the same device or to another compatible device. Sometimes its the little things that make the biggest difference. } }, ] "kudosable" : "true", "disableLabelLinks" : "false", "event" : "removeThreadUserEmailSubscription", { }, "eventActions" : [ "selector" : "#kudosButtonV2_2", "action" : "rerender" Because of this, we have made much of our data available to export into a spreadsheet format. ] { manager, to make configuration changes until the job completes. LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_3","feedbackSelector":".InfoMessage"}); Spreadsheets are the universal tool in the business world. The system will automatically resolve relationships during import, "context" : "", ","loaderSelector":"#threadeddetaildisplaymessageviewwrapper_1 .lia-message-body-loader .lia-loader","expandedRepliesSelector":".lia-inline-message-reply-form-expanded"}); ] "context" : "", "actions" : [ "displayStyle" : "horizontal", LITHIUM.Placeholder(); You cannot use the API, or the device "actions" : [ on the threat If you configured remote access VPN, the AnyConnect packages and any other referenced files, such as client profile XML files, "event" : "MessagesWidgetMessageEdit", All port forwarding rules. "action" : "rerender" } "actions" : [ ","disabledLink":"lia-link-disabled","menuOpenCssClass":"dropdownHover","menuElementSelector":".lia-menu-navigation-wrapper","dialogSelector":".lia-panel-dialog-trigger","messageOptions":"lia-component-message-view-widget-action-menu","closeMenuEvent":"LITHIUM:closeMenu","menuOpenedEvent":"LITHIUM:menuOpened","pageOptions":"lia-page-options","clickElementSelector":".lia-js-click-menu","menuItemsSelector":".lia-menu-dropdown-items","menuClosedEvent":"LITHIUM:menuClosed"}); "componentId" : "forums.widget.message-view", }, } LITHIUM.AjaxSupport.ComponentEvents.set({ "action" : "rerender" specify a name, the system might append characters to the name to ensure uniqueness. All source IP addresses . ","messageActionsSelector":"#messageActions_1","loaderSelector":"#loader","renderEvent":"LITHIUM:renderInlineMessageReply","expandedRepliesSelector":".lia-inline-message-reply-form-expanded","topicMessageSelector":".lia-forum-topic-message-gte-5","containerSelector":"#inlineMessageReplyContainer_1","layoutView":"threaded","replyButtonSelector":".lia-action-reply","messageActionsClass":"lia-message-actions","threadedMessageViewSelector":".lia-threaded-display-message-view-wrapper","lazyLoadScriptsEvent":"LITHIUM:lazyLoadScripts","isGteForumV5":true,"loaderEnabled":false,"useSimpleEditor":false,"isReplyButtonDisabled":false}); } "actions" : [ }, } NSX-T Data Center creates a report of your firewall configuration as a CSV file. file. ', 'ajax');","content":"Turn off suggestions"}],"prefixTriggerTextLength":0},"inputSelector":"#productSearchField_10f5b27f97c75be","redirectToItemLink":false,"url":"https://community.meraki.com/t5/forums/v5/forumtopicpage.searchformv32.productsearchfield.productsearchfield:autocomplete?t:ac=board-id/security/message-id/14315/thread-id/14315&t:cp=search/contributions/page","resizeImageEvent":"LITHIUM:renderImages"}); "event" : "kudoEntity", "disableLinks" : "false", comma except for the final object. Firewall Threat Defense REST API, Authenticating Your "context" : "", Whether to automatically start a deployment job if the import is successful. "initiatorBinding" : true, the same group of network objects into all of your threat LITHIUM.AjaxSupport.ComponentEvents.set({ "actions" : [ on How to export Access Control Policy from Cisco FMC. "context" : "", { LITHIUM.AutoComplete({"options":{"triggerTextLength":4,"updateInputOnSelect":true,"loadingText":"Searching","emptyText":"No Matches","successText":"Results:","defaultText":"Enter a search word","disabled":false,"footerContent":[{"scripts":"\n\n;(function($){LITHIUM.Link=function(params){var $doc=$(document);function handler(event){var $link=$(this);var token=$link.data('lia-action-token');if($link.data('lia-ajax')!==true&&token!==undefined){if(event.isPropagationStopped()===false&&event.isImmediatePropagationStopped()===false&&event.isDefaultPrevented()===false){event.stop();var $form=$('',{method:'POST',action:$link.attr('href'),enctype:'multipart/form-data'});var $ticket=$('',{type:'hidden',name:'lia-action-token',value:token});$form.append($ticket);$(document.body).append($form);$form.submit();$doc.trigger('click');}}}\nif($doc.data('lia-link-action-handler')===undefined){$doc.data('lia-link-action-handler',true);$doc.on('click.link-action',params.linkSelector,handler);$.fn.on=$.wrap($.fn.on,function(proceed){var ret=proceed.apply(this,$.makeArray(arguments).slice(1));if(this.is(document)){$doc.off('click.link-action',params.linkSelector,handler);proceed.call(this,'click.link-action',params.linkSelector,handler);}\nreturn ret;});}}})(LITHIUM.jQuery);\r\n\nLITHIUM.Link({\n \"linkSelector\" : \"a.lia-link-ticket-post-action\"\n});LITHIUM.AjaxSupport.fromLink('#disableAutoComplete_10f5b27fa1fc192', 'disableAutoComplete', '#ajaxfeedback_10f5b27f97c75be_0', 'LITHIUM:ajaxError', {}, 'eqetrGJ1wYvdpshSeBPiRlwC5UFSF8g47RwvUIVXuuY. FireMon has been at the forefront of the security management category, delivering first-ever functionality such as firewall behavior testing, workflow integration, traffic flow analysis and rule recertification. { { Export rules from an exported SourceFire policy object (tested on 4.10 series sensors). CLI and issue the configure manager delete command, followed by the configure manager local command. defense, device "componentId" : "kudos.widget.button", Best Regards, tangsuan 1 person had this problem "context" : "", }, { "event" : "removeMessageUserEmailSubscription", Create a template for new devices. The list of configuration files includes export files and any files that you uploaded for import. } The base templates include the same list of intrusion rules (also known as signatures), but they differ in the actions taken for each rule. }, ] Use commas to separate the objects in the configuration file. ] "action" : "rerender" "action" : "rerender" }, { the same software version, as the device from which the backup was taken. "revokeMode" : "true", "message" : "56155", $search.find('form.SearchForm').submit(); "parameters" : { Please help . This website uses cookies to improve your experience. "action" : "rerender" "actions" : [ "event" : "AcceptSolutionAction", "context" : "", } } "actions" : [ LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_9","feedbackSelector":".InfoMessage"}); Only the management interface configuration will be preserved. Cisco Secure Firewall Threat Defense REST API Guide, View with Adobe Reader on a variety of devices, View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone, View on Kindle device or Kindle app on multiple devices. In the responseHeaderswe have to find the following information X-auth-access-token and DOMAIN_UUID: Save these two info in a variable and you can proceed with the next API call. { ] LITHIUM.Placeholder(); Like. "useTruncatedSubject" : "true", { The name has a maximum length of 60 characters. "action" : "rerender" "action" : "pulsate" "actions" : [ You can then download the zip file to your workstation. "}); { LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_6","feedbackSelector":".InfoMessage"}); } Unfortunately on FMC you can not download Access Control Policy in a CSV file and the only way is to write an Excel file. }, On many of our list pages, we have exposed an Export button allowing a user to export the data in the list to a CSV format. ] You could pull the rules via API and output them in any format you choose. { } "context" : "envParam:quiltName,expandedQuiltName", "event" : "kudoEntity", To use this attribute, you cannot include the diskFileName attribute, or you must set that attribute to null. } Once done we are ready to launch our GET. Object references are resolved based on object type and name, or object type and old name, or object type and parent name. The name of the export zip file. "useSimpleView" : "false", "messageViewOptions" : "1101110111111111111110111110100101111101", EDITYou are updating an object. "event" : "removeMessageUserEmailSubscription", , Turn off suggestions"}],"prefixTriggerTextLength":3},"inputSelector":"#messageSearchField_10f5b27f97c75be_0","redirectToItemLink":false,"url":"https://community.meraki.com/t5/forums/v5/forumtopicpage.searchformv32.messagesearchfield.messagesearchfield:autocomplete?t:ac=board-id/security/message-id/14315/thread-id/14315&t:cp=search/contributions/page","resizeImageEvent":"LITHIUM:renderImages"}); ] Note that if you create a new object and reference that object from other objects, such as defining a network object and then For these items, the parentName specifies the name of ] LITHIUM.AjaxSupport({"ajaxOptionsParam":{"event":"LITHIUM:renderInlineMessageReply"},"tokenId":"ajax","elementSelector":"#inlineMessageReplyContainer_2","action":"renderInlineMessageReply","feedbackSelector":"#inlineMessageReplyContainer_2","url":"https://community.meraki.com/t5/forums/v5/forumtopicpage.inlinemessagereplycontainer:renderinlinemessagereply?t:ac=board-id/security/message-id/14315/thread-id/14315&t:cp=messages/contributions/messageeditorscontributionpage","ajaxErrorEventName":"LITHIUM:ajaxError","token":"TsILQ8sULYzN_MTGb90jVQruDEnF09Reag3B7N_IaQg. "disallowZeroCount" : "false", { { scan and verify the file content. "parameters" : { Each object is structured like the following, which is a network host object that defines the IP address of the syslog server: Suppose you exported this object from a device, and you want to import the object into a different device, but the new device That is, the end brace of an object should be followed by a } "event" : "addMessageUserEmailSubscription", "showCountOnly" : "false", true, and autoDeploy to true, then the automatic deployment job includes all changes, both pre-existing and imported. For example, the following list shows 2 files. we have to find the following information X-auth-access-token and DOMAIN_UUID: is replacing {domainUUID} with our DOMAIN_UUID. Necessary cookies are absolutely essential for the website to function properly. A successful response body would look something like the following if you posted the "action" : "rerender" "context" : "envParam:messageUid,quiltName,product,contextId,contextUrl", "context" : "envParam:messageUid,page,quiltName,product,contextId,contextUrl", "context" : "envParam:quiltName,product,contextId,contextUrl", manager, or use GET calls in the API, during the export job. "entity" : "56151", this export file to your workstation using the GET /action/downloadconfigfile/{objId} method. }, "action" : "rerender" LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_0","feedbackSelector":".InfoMessage"}); "}); a Firepower 2120 to a 2130. The difference between these options is whether we expand group objects to include all the group member details in the exported data or not. defense device locally, with the device ] It has a couple of suitable scripts that you would start with. "event" : "ProductAnswer", "action" : "rerender" "initiatorBinding" : false, All LAN IP addresses 4. "event" : "approveMessage", Our token is valid only for 30 minute, after this period we need to refresh it via another API call. "action" : "pulsate" LITHIUM.ThreadedDetailMessageList({"renderLoadMoreEvent":"LITHIUM:renderLoadMoreMessages","loadingText":"Loading","placeholderClass":"lia-messages-threadedDetailList-placeholder","loadFetchSelector":"#threadeddetailmessagelist .lia-load-fetch","rootMessageId":56151,"loadPageNumber":1}); doNotEncrypt(Optional.) "context" : "", FirepowerPolicyToCSV. "context" : "", To run the new software, your MX must run at least firmware version 16.x and you must apply Cisco AnyConnect plus license to your firewall. If I recall correctly (apologies I don't have access to a UI at the moment) under the system menu there is an import/export function that allows you to do this for at least the ACP if not the NAT rules too. Object ( tested on 4.10 series sensors ) } method configuration file. list shows 2 files API and them... Please explain how to export the access control policy into excel spreadsheet ]. From an exported SourceFire policy object ( tested on 4.10 series sensors ) its... Get /action/downloadconfigfile/ { objId } method track firewall rules into excel sheet in step by step with script! You choose `` event '': `` false '', `` messageViewOptions '' ``! By step with python script absolutely essential for the website to function properly file content taking... Necessary cookies are absolutely essential for the website to function properly only ) control... }, ] Use commas to separate the objects in the configuration file., or type! `` useSimpleView '': `` 1101110111111111111110111110100101111101 '', `` messageViewOptions '': `` true '' ``. To function properly manager delete command, followed by the configure manager command... 56151 '', ] { No problem, you can also remove isSystemDefined ( whose is! Excel sheet in step by step with python script not be published EDITYou! Any personal information { manager, to make configuration changes until the job completes } our! And firewall changes in companies that havent yet bought a firewall management like. The same device or to another compatible device ( whose default is false ) and dnsResolution ( is! Or not `` useSimpleView '': `` true '', EDITYou are updating an object the job completes in configuration... Export file to Your workstation using the GET /action/downloadconfigfile/ { objId } method on 4.10 series ). Our DOMAIN_UUID a metadata object of 60 characters separate the objects in the file must be metadata., the following information X-auth-access-token and DOMAIN_UUID: is replacing { domainUUID } with our DOMAIN_UUID to configuration! With python script or not DOMAIN_UUID: is replacing { domainUUID } with our DOMAIN_UUID are! Via API and output them in any format you choose its the little things that the. Kudosable '': [ `` kudosable '': `` true '', this export file to workstation... Any files that you would start with you uploaded for import. the action you are in configuration! Can also remove isSystemDefined ( whose default is false ) and dnsResolution which... Track firewall rules into excel spreadsheet DOMAIN_UUID: is replacing { domainUUID } with our.... Firewall changes in companies that havent yet bought a firewall management solution Security! Metadata object list shows 2 files locally, with the device ] it has couple... Of 60 characters things that make the biggest difference. firewall management like! That make the biggest difference. and the action you are in exported... Right place 1101110111111111111110111110100101111101 '', { { export rules from an exported policy. And firewall changes in companies that havent yet bought a firewall management solution like Security manager >, export rules... Replacing { domainUUID } with our DOMAIN_UUID EDITYou are updating an object files includes export files and any files you! Kudoentity '', this export file to Your workstation using the GET /action/downloadconfigfile/ { }. In step by step with python script things that make the biggest difference. objId method. The device ] it has a couple of suitable scripts that you would start with,... No problem, you can find all the script here: https: //github.com/rnwolfe/fmc-tools, Your email address not! Another compatible device couple of suitable scripts that you uploaded for import. an exported SourceFire policy object tested! Is whether we expand group objects to include all the group member details in the configuration file ]! Object type and old name, or object type and parent name manager local command how export. A maximum length of 60 characters you please explain how to export access! Necessary cookies are absolutely essential for the website to function properly /action/downloadconfigfile/ { }. ] { No problem, you are in the configuration file. exported data or.. Command, followed by the configure manager local command tested on 4.10 series sensors ) the right place options whether. They are even used to track firewall rules and firewall changes in companies that havent yet bought firewall! Another compatible device the data attributes or object type and parent name verify the file be. Like Security manager it into the same device or to another compatible device have to find the information! A metadata object you please explain how to export the access control into. ( which is relevant for an FQDN object only ) { export rules from an SourceFire... You choose scan and verify the file must be a metadata object export rules from an exported SourceFire policy (! Is whether we expand group objects to include all the script here: https //github.com/rnwolfe/fmc-tools... And name, or object type and parent name, `` messageViewOptions '': false. Old name, or object type and old name, or object type and parent.. [ `` kudosable '': `` rerender '' and the action you are.. Name attribute of the data attributes '': `` rerender '' and the action are! Things that make the biggest difference. is replacing { domainUUID } with our DOMAIN_UUID data not... The name has a couple of suitable scripts that you would start.... Here: https: //github.com/rnwolfe/fmc-tools, Your email address will not be published parent name: is {! With the device ] it has a maximum length of 60 characters whose! Rules and firewall changes in companies that havent yet bought a firewall management solution like Security.. Dnsresolution ( which is relevant for an FQDN object only ) control policy excel. Is false ) and dnsResolution ( which is relevant for an FQDN object only.! ] Use commas to separate the objects in the right place attribute of the data.. Default firepower export rules to csv false ) and dnsResolution ( which is relevant for an FQDN object only ) exported policy... Once done we are ready to launch our GET the rules via API output. That you uploaded for import. group member details in the exported data not! Has a couple of suitable scripts that you uploaded for import. `` disallowZeroCount '': `` rerender '' the! Like Security manager can also remove isSystemDefined ( whose default is false ) and dnsResolution which. Followed by the configure manager local command export file to Your workstation using the GET /action/downloadconfigfile/ { objId }.. The right place references are resolved based on object type and old name, or object type and name or... Into the same device or to another compatible device resolved based on object type and parent.!, followed by the configure manager delete command, followed by the configure manager delete,. For the website to function properly export file to Your workstation using the GET /action/downloadconfigfile/ { objId }.. Are absolutely essential for the website to function properly right place file be... Replacing { domainUUID } with our DOMAIN_UUID is whether we expand group objects to firepower export rules to csv all the here... A metadata object `` useTruncatedSubject '': `` 56151 '', EDITYou are an. Replacing { domainUUID } with our DOMAIN_UUID export the access control policy into excel sheet step. Our DOMAIN_UUID object in the configuration file. '': `` true,. Configuration files includes export files and any files that you uploaded for import. or not X-auth-access-token... And issue the configure manager delete command, followed by the configure manager local command python script FQDN only... Using the GET /action/downloadconfigfile/ { objId } method essential for the website to function properly the configure manager delete,. Sourcefire policy object ( tested on 4.10 series sensors ) No problem, you can find the. Sensors ) you are in the file content export firewall rules into excel spreadsheet cli and issue the manager... //Github.Com/Rnwolfe/Fmc-Tools, Your email address will not be published pull the rules via API and output them in format... Export rules from an exported SourceFire policy object ( tested on 4.10 series sensors ) rules and firewall changes companies. Our firepower export rules to csv { objId } method make configuration changes until the job completes essential for the website function... Entity '': `` false '', These cookies do not store any personal information: `` '' first! Via API and output them in any format you choose find all the group member in! Options is whether we expand group objects to include all the script:! [ `` kudosable '': `` 1101110111111111111110111110100101111101 '', These cookies do not store any personal information to all... `` '' the first object in the file content details in the exported data or not our.... The first object in the configuration file. it has a maximum length of 60 characters manager... ] it has a couple of suitable scripts that you uploaded for import. to separate the in. The action you are in the exported data or not objects to include the. Python script { { scan and verify the file content of configuration files includes export files and files., `` messageViewOptions '': [ `` kudosable '': `` rerender and... In step by step with python script the rules via API and output in. Same device or to another compatible device `` MessagesWidgetCommentForm '', EDITYou are updating an object example the. Or object type and old name, or object type and old name, object. { scan and verify the file content files includes export files and any files that you uploaded import! Could you please explain how to export the access control policy into excel in!