This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Expedition 1.2.87 Hotfix Information

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Expedition 1.2.87 Hotfix Information

dpuigdomenec
L4 Transporter

‎04-25-2024 03:23 AM - edited ‎04-25-2024 03:26 AM

No ratings

Version 1.2.87 (Date April 25, 2024)

PACKAGE DOWNLOAD

  INFORMATION

Link

 https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb

sha1sum

3000ff8ca1bea84096e960aac059f277b8a7935c
apt update
 sudo apt-get update; sudo apt-get install expedition-beta
manual update cd /tmp;
wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb;
sudo dpkg -i expedition_1.2.87.all.deb;

CHANGELOG

Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers.

Tool:

  • Rule Merge: Prevents merging of rules with "url_category" set to both "any" and a specific value.
  • Fixed UI issue displaying assigned logs/warnings for addresses in the warning tab.
  • Improved UI to show NAT matched security rules.
  • Optimized grouping of members in a group with over 500 members for better performance.
  • Added new filter to identify not_ghost_objects for easier duplicate detection.
  • Updated filters to include services with port >=65535 and invalid addresses in the invalid filters.
  • Added script sample to replace rule names with descriptions (/var/www/html/Os/scripts/renameSecurityRule.php).
  • Added script sample to create JSON or CSV file containing objects from a security rule (/var/www/html/Os/scripts/get_objects_from_rules.php).

Installer:

  • Fixed Erlang repository to support versions > 25.
  • Corrected command to add Expedition to www-data group.

Parsers:

 

FORTINET

  • Enhanced monitor/log to display more information during migration.
  • Resolved issue with creating services that start with "-".
  • Log now appears in the warning tab for easier access when viewing NAT rules.
  • When reading an FQDN with * (Reference used to implement this change: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRfCAK)
    1) Create an FQDN without the * with a log error
    2) Show the FQDN as invalid in the filters.

CISCO

  • Added warning for crypto maps without defined gateway (peer).
  • Identified and marked services not properly recognized in CISCO configuration and attached corresponding error for display in the warning tab.
  • Improved NAT rules logic to auto create inbound rules instead of bidirectional ones when applicable.
  • DNAT ports are only added if no translation is detected.

CHECKPOINT

  • Fixed issue with static routes mapped to bond interfaces ending with 0.
  • Enhanced monitor/log to provide more information when reading FQDNs with "*".

PALOALTO

  • Resolved PHP warnings during configuration import.
Rate this article:
0 Likes Likes
  • 399 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎04-25-2024 03:26 AM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks