Comments
by UmerKamal
‎05-29-2018 06:11 AM - edited ‎05-29-2018 06:11 AM

When should we expect the User Guide for Expedition?

by alestevez
on ‎05-29-2018 06:54 AM

We expect to have the first release this week.

by DSchlosser-GSD
on ‎06-03-2018 10:40 AM

Problems getting export of set commands with full configuration.  Dashboard reflects no invalid objects and no duplicates but still unable to get the set commands.

by alestevez
on ‎06-04-2018 02:29 AM

Hi @DSchlosser-GSD, please open a new thread under Discussions.

by dbergin
on ‎06-07-2018 08:33 PM

Is Expedition the successor to the Migration Tool (OVA) listed at the following URL?

https://live.paloaltonetworks.com/t5/Migration-Tool-Articles-old/Download-the-Migration-Tool/ta-p/56...

I see that the download is just a tarball of VMware files...

What's the difference, and can either tool convert an ASA config to a partial Palo Alto config (or set commands) to deploy to an existing multi-tenant PA device?

by alestevez
on ‎06-10-2018 01:06 AM

Yes, it is. This version is to run under VMware Workstation or with VMPlayer; if you need to convert to ESXi, you can use VMware Converter.

by jzdziech
on ‎06-18-2018 12:37 AM

Any sign of that User Document yet?

I have customers asking about this.

by ChrisMurr
on ‎06-20-2018 09:32 AM

User Guide???

by JIVES
on ‎07-12-2018 04:49 AM

Is it possible to have this new version in an OVA?

It's a bit risky just adding a third-party host on our VM farm; OVAs are a more acceptable risk.

by Tony_Kiser
on ‎08-16-2018 01:46 PM

I'm simply trying to import an xml into a project that my account created and as soon as the % import basically finishes, I get a message that says "you do not have rights in the project" ??  Any assistance would be great!

by Syed_Shayan
on ‎08-23-2018 03:32 PM

I'm having the same issue when importing a Check Point firewall configuration on R77.30. I am logged in as admin but still receive the message "failed : you do not rights in this project"

by alestevez
on ‎08-28-2018 06:07 AM

We are reviewing it, thanks

by alestevez
on ‎08-28-2018 06:10 AM

Can someone send us an email to fwmigrate at paloaltonetworks dot com to describe how to reproduce the problem? We are unable to reproduce it, sorry. Thanks

by yctan
on ‎08-29-2018 01:25 AM

Is the BPA feature in Expedition functioning? I tried to import a running config.xml and run it, but nothing came out. Are there any steps that I missed?


by alestevez
on ‎08-29-2018 01:53 AM

@yctan, are you on the latest version, 1.0.103?

by yctan
on ‎08-29-2018 01:55 AM

I'm at 1.0.84. I saw this thread on BPA:

https://live.paloaltonetworks.com/t5/Expedition-Discussions/Best-Practices-Analysis-Not-Running/td-p...

I have a problem updating when running this CLI command to update.

sudo apt-get update

by alestevez
on ‎08-29-2018 01:58 AM

After that command, just run the next one (ignore any error):

sudo apt-get install expedition-beta

by alestevez
on ‎08-29-2018 01:59 AM

@yctan, and after everything you have to run this command as well:

sudo bash /var/www/html/OS/BPA/updateBPA306.sh

by yctan
on ‎08-29-2018 02:11 AM

It's working now. Thanks!

by Jeroen.Scheerder
on ‎09-03-2018 05:54 AM

Updates have passed in Ubuntuland, and Expedition(-beta) did not survive.

- The conversionupdates repository was removed from sources.list
- After re-enabling it again:

expedition@Expedition:~$ sudo apt-get install expedition-beta
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
bc libexporter-tiny-perl liblist-moreutils-perl libsodium23 php-common php-radius php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-phpdbg php7.2-readline
Suggested packages:
php-pear
The following NEW packages will be installed:
bc expedition-beta libexporter-tiny-perl liblist-moreutils-perl libsodium23 php-common php-radius php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-phpdbg php7.2-readline
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,289 kB/46.0 MB of archives.
After this operation, 18.3 MB of additional disk space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
expedition-beta
Install these packages without verification? [y/N] y
Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 bc amd64 1.07.1-2 [86.2 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libexporter-tiny-perl all 1.000000-2 [34.6 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 liblist-moreutils-perl amd64 0.416-1build3 [55.5 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 php-common all 1:60ubuntu1 [12.1 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-common amd64 7.2.7-0ubuntu0.18.04.2 [879 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-json amd64 7.2.7-0ubuntu0.18.04.2 [18.8 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-opcache amd64 7.2.7-0ubuntu0.18.04.2 [164 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-readline amd64 7.2.7-0ubuntu0.18.04.2 [12.1 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libsodium23 amd64 1.0.16-2 [143 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-cli amd64 7.2.7-0ubuntu0.18.04.2 [1,406 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 php7.2-phpdbg amd64 7.2.7-0ubuntu0.18.04.2 [1,445 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 php-radius amd64 1.4.0~b1-6build2 [31.8 kB]
Fetched 4,289 kB in 6s (728 kB/s)
Selecting previously unselected package bc.
(Reading database ... 85832 files and directories currently installed.)
Preparing to unpack .../00-bc_1.07.1-2_amd64.deb ...
Unpacking bc (1.07.1-2) ...
Selecting previously unselected package libexporter-tiny-perl.
Preparing to unpack .../01-libexporter-tiny-perl_1.000000-2_all.deb ...
Unpacking libexporter-tiny-perl (1.000000-2) ...
Selecting previously unselected package liblist-moreutils-perl.
Preparing to unpack .../02-liblist-moreutils-perl_0.416-1build3_amd64.deb ...
Unpacking liblist-moreutils-perl (0.416-1build3) ...
Selecting previously unselected package php-common.
Preparing to unpack .../03-php-common_1%3a60ubuntu1_all.deb ...
Unpacking php-common (1:60ubuntu1) ...
Selecting previously unselected package php7.2-common.
Preparing to unpack .../04-php7.2-common_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-common (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-json.
Preparing to unpack .../05-php7.2-json_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-json (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-opcache.
Preparing to unpack .../06-php7.2-opcache_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-opcache (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-readline.
Preparing to unpack .../07-php7.2-readline_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-readline (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package libsodium23:amd64.
Preparing to unpack .../08-libsodium23_1.0.16-2_amd64.deb ...
Unpacking libsodium23:amd64 (1.0.16-2) ...
Selecting previously unselected package php7.2-cli.
Preparing to unpack .../09-php7.2-cli_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-cli (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-phpdbg.
Preparing to unpack .../10-php7.2-phpdbg_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-phpdbg (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php-radius.
Preparing to unpack .../11-php-radius_1.4.0~b1-6build2_amd64.deb ...
Unpacking php-radius (1.4.0~b1-6build2) ...
Selecting previously unselected package expedition-beta.
Preparing to unpack .../12-expedition-beta_1.0.103_amd64.deb ...
Unpacking expedition-beta (1.0.103) ...
Processing triggers for install-info (6.5.0.dfsg.1-2) ...
Setting up libexporter-tiny-perl (1.000000-2) ...
Setting up libsodium23:amd64 (1.0.16-2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up php-common (1:60ubuntu1) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up bc (1.07.1-2) ...
Setting up liblist-moreutils-perl (0.416-1build3) ...
Setting up php7.2-common (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-readline (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-json (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-opcache (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-cli (7.2.7-0ubuntu0.18.04.2) ...
update-alternatives: using /usr/bin/php7.2 to provide /usr/bin/php (php) in auto mode
update-alternatives: using /usr/bin/phar7.2 to provide /usr/bin/phar (phar) in auto mode
update-alternatives: using /usr/bin/phar.phar7.2 to provide /usr/bin/phar.phar (phar.phar) in auto mode
Setting up php7.2-phpdbg (7.2.7-0ubuntu0.18.04.2) ...
update-alternatives: using /usr/bin/phpdbg7.2 to provide /usr/bin/phpdbg (phpdbg) in auto mode
Setting up php-radius (1.4.0~b1-6build2) ...
Setting up expedition-beta (1.0.103) ...
PHP Fatal error: Uncaught Error: Class 'mysqli' not found in /var/www/html/libs/database.php:22
Stack trace:
#0 /var/www/html/bin/updates/updateSQL.php(14): require_once()
#1 {main}
thrown in /var/www/html/libs/database.php on line 22
its recommended to run after install: apt-get -y -f install
its recommended to run after install: sudo apt-get autoremove
PHP Fatal error: Uncaught Error: Call to undefined function PaloAltoNetworks\expedition\sns\curl_init() in /var/www/html/libs/sns/sns.php:126
Stack trace:
#0 /var/www/html/libs/sns/sns.php(155): PaloAltoNetworks\expedition\sns\sns->send_message('{"type": "stats...')
#1 /var/www/html/libs/sns/sns.php(92): PaloAltoNetworks\expedition\sns\sns->send_stats('Update Installe...')
#2 /var/www/html/libs/sns/sns.php(38): PaloAltoNetworks\expedition\sns\sns->update('4be79b3c-a61d-4...')
#3 /var/www/html/libs/utils.php(17): PaloAltoNetworks\expedition\sns\sns->__construct(Array)
#4 /var/www/html/OS/update/snsUpdate.php(11): sns_init(Array)
#5 {main}
thrown in /var/www/html/libs/sns/sns.php on line 126
Checking for old projects and Devices what are not Encrypted
PHP Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#1 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(64): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#2 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(43): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=loca...', 'root', 'paloalto', Array)
#3 /var/www/html/libs/vendor/illuminate/database/Connectors/MySqlConnector.php(24): Illuminate\Database\Connectors\Connector->createConnection('mysql:host=loca...', Array, Array)
#4 /var/www/html/libs/vendor/illuminate/database/Connectors/ConnectionFactory.php(183): Illuminate\Database\Connectors\MySqlConnector->connect(Array)
#5 [internal function]: I in /var/www/html/libs/vendor/illuminate/database/Connection.php on line 664

Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#1 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(64): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#2 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(43): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=loca...', 'root', 'paloalto', Array)
#3 /var/www/html/libs/vendor/illuminate/database/Connectors/MySqlConnector.php(24): Illuminate\Database\Connectors\Connector->createConnection('mysql:host=loca...', Array, Array)
#4 /var/www/html/libs/vendor/illuminate/database/Connectors/ConnectionFactory.php(183): Illuminate\Database\Connectors\MySqlConnector->connect(Array)
#5 [internal function]: I in /var/www/html/libs/vendor/illuminate/database/Connection.php on line 664
Warning: ALREADY_ENABLED: 5140-5150:tcp
Warning: ALREADY_ENABLED: 4050-4070:tcp
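
A defensive check on a session like the one posted above, as an added example that is not part of the original post or of Expedition: it scans an apt-get transcript for packages installed without signature verification and ties PHP fatal errors to the package whose setup step was running. The function name and result keys are hypothetical; the sample is an excerpt of the posted session.

```python
import re

# Excerpt condensed from the session posted above (lines copied, most omitted).
SAMPLE = """\
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
expedition-beta
Install these packages without verification? [y/N] y
Setting up php-radius (1.4.0~b1-6build2) ...
Setting up expedition-beta (1.0.103) ...
PHP Fatal error: Uncaught Error: Class 'mysqli' not found in /var/www/html/libs/database.php:22
PHP Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
"""

WARNING = "WARNING: The following packages cannot be authenticated!"
PROMPT = re.compile(r"Install these packages without verification\? \[y/N\]\s*(\S*)")
SETUP = re.compile(r"Setting up (\S+) \(")
FATAL = "PHP Fatal error:"
PKG = re.compile(r"[a-z0-9][a-z0-9+.\-]*(?::[a-z0-9\-]+)?")  # package name, optional :arch


def scan_transcript(text):
    """Report unauthenticated installs and setup-time PHP failures in an apt-get transcript."""
    unauthenticated, failures = [], []
    accepted = None        # None means no verification prompt was seen
    in_warning = False     # True while reading the package list under WARNING
    current_pkg = None     # package named by the most recent "Setting up" line
    for raw in text.splitlines():
        line = raw.strip()
        if line == WARNING:
            in_warning = True
            continue
        if in_warning:
            prompt = PROMPT.match(line)
            if prompt:
                accepted = prompt.group(1).lower() in ("y", "yes")
                in_warning = False
                continue
            tokens = line.split()
            if tokens and all(PKG.fullmatch(t) for t in tokens):
                unauthenticated.extend(tokens)
                continue
            in_warning = False  # any other line ends the package list
        setup = SETUP.match(line)
        if setup:
            current_pkg = setup.group(1)
        elif line.startswith(FATAL):
            failures.append((current_pkg, line[len(FATAL):].strip()))
    return {
        "unauthenticated": unauthenticated,
        "accepted": accepted,
        "installed_unverified": unauthenticated if accepted else [],
        "setup_failures": failures,
    }


if __name__ == "__main__":
    print(scan_transcript(SAMPLE))
```
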

by yctan
on ‎09-04-2018 12:44 AM

Hi, I followed the steps given above with my new environment, but the BPA is not functioning. Are there any changes?

Thanks

by Ramzee
on ‎09-24-2018 03:13 AM

Hi All,

How do I create a log connector in Plugins, or is there any user guide document on these steps?

Thanks.

Ramzee

by MatzePeng
on ‎09-25-2018 07:44 AM

Hey community,

When should we expect the documentation "Using Machine Learning to create Policies from logs"?

We have implemented Expedition in the latest version.

Adding a new project and loading firewall configs and logs works fine so far.

But if the firewall export files loaded are from 24 hours with more than 4 GB in size, the tool will stop working. How do you best deal with the shortage of data? Is it possible to send the data directly via syslog to Expedition?

How is this set up?

Thanks

MatzePeng

by alestevez
on ‎09-25-2018 07:46 AM

The documentation is ready and is now under review, so expect it this week!

by MatzePeng
on ‎09-25-2018 07:50 AM

Hey alestevez,

Thank you for your prompt reply. That sounds good.

Best regards

Matthias

by bartc88
on ‎09-25-2018 11:12 AM

1. Using Machine Learning to create Policies from logs (Coming soon)

How much longer for this guide? :)

by alestevez
on ‎09-25-2018 12:56 PM

Available !!

by bartc88
on ‎09-25-2018 01:03 PM

SWEET!!


by Ramzee
on ‎10-03-2018 11:46 PM

Hi All,

Is it possible for me to manually upload the traffic log into Expedition, instead of Expedition pulling the log by itself through the network?

The reason is that I didn't install Expedition in the client's environment; I installed it on my laptop instead.

I need the traffic log in Expedition in order for Expedition to advise me on rule optimization (recommended App-ID, recommended rules not in use, recommended merge rules, etc.)

Thanks,

Ramzee

by MatzePeng
on ‎10-04-2018 12:35 AM

Hi Ramzee,

If I understood your question correctly, the answer is yes.

You can export the logs and the configuration from the firewall to a file and manually load them into Expedition for analysis.

We load the files via SCP (SSH) into the data folder on Expedition. After that, the files are available in Expedition.

The only problem we had was with files that were too big (export of 24h traffic log with more than 4 GB of data from a 3000 Series Palo and more than 1 million lines per *.csv file). There seems to be a problem in Expedition. Maybe our system needs more performance. Don't know at the moment.

It would make sense to test it with short files at the beginning.

I think all the information you need can be found in the documentation above.

Best

MatzePeng

by alestevez
on ‎10-04-2018 12:36 AM

@Ramzee Yes and no: you need to first create the device and retrieve the configuration by using the APIs, which means you need to be in the customer's network to do that. Then you can manually import the log files via SCP and place them into Expedition; from the Device configured you can tell where you placed them for analysis. Please follow the documentation https://paloaltonetworks.box.com/s/2h1xd16i5nlwkv9pmpega0m416rnps0q and follow the Rule Enrichment Process to do the App-ID Adoption.

by Ramzee
on ‎10-04-2018 01:08 AM

Hi MatzePeng,

Understood on the approach.

Another question: I have exported the traffic log to .csv, but it only contains logs for a day. From the firewall Monitor tab, I can see at least up until June 2018. Please advise how I can export all traffic logs.

Thanks.

by Ramzee
on ‎10-04-2018 01:11 AM

Hi alestevez,

As of now, Expedition is not installed in the client's environment. I'm looking to run Expedition outside the client's environment (my laptop didn't connect to the client's environment).

Thanks for your advice.

by MatzePeng
on ‎10-04-2018 01:16 AM

Hi Ramzee,

Logs can be exported using filters.

Palo Alto knowledgebase

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clj3CAC

Best

by Ramzee
on ‎10-04-2018 01:20 AM

Hi MatzePeng,

Those are the exact same steps that I did before; the resulting .csv only shows today, and only 2 hours of traffic log. In the firewall Monitor Traffic log, however, I can see logs starting from at least June 2018.

by MatzePeng
‎10-04-2018 01:33 AM - edited ‎10-04-2018 01:46 AM

Hey,

Strange. Have you checked the date, time and time zone on the firewall and Expedition?

To rule out a malfunction in the GUI, I would test it all over the CLI. Is the problem there too?

Have you also checked the maximum number of lines in the CSV file? How many lines does your file have?

Please check the configuration as described in the link.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaPCAS

Best

MatzePeng

by Ramzee
on ‎10-04-2018 01:53 AM

Hi MatzePeng,

You are right, that is the restriction. Currently the default Max Rows in CSV is 65535. I would need to increase it if I require more logs. The max value it can be increased to is 1048576.

Thanks a lot mate for the assistance!
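
A check for the row cap discussed in the posts above, as an added example that is not part of the original thread or of Expedition: it streams a CSV export once and reports whether the row count sits at one of the two limits quoted above and whether the file reaches back as far as expected. The column name `Receive Time`, the timestamp layout, and the function names are assumptions; the sample data is constructed.

```python
import csv
import io
from datetime import datetime, timedelta

DEFAULT_MAX_ROWS = 65535   # default "Max Rows in CSV" quoted in the thread
HARD_MAX_ROWS = 1048576    # highest value quoted in the thread

# Assumptions, not from the thread: column name and timestamp layout.
TIME_COLUMN = "Receive Time"
TIME_FORMAT = "%Y/%m/%d %H:%M:%S"


def audit_export(fileobj, expected_start=None, limits=(DEFAULT_MAX_ROWS, HARD_MAX_ROWS)):
    """Stream a CSV export; return row count, time span and truncation indicators."""
    rows = unparsed = 0
    first = last = None
    for record in csv.DictReader(fileobj):
        rows += 1
        try:
            ts = datetime.strptime(record[TIME_COLUMN], TIME_FORMAT)
        except (KeyError, TypeError, ValueError):
            unparsed += 1          # missing column, short row or odd timestamp
            continue
        if first is None or ts < first:
            first = ts
        if last is None or ts > last:
            last = ts
    # The thread does not say whether the header counts toward the cap,
    # so a count of cap or cap - 1 is treated as hitting it.
    capped_at = next((cap for cap in limits if rows in (cap - 1, cap)), None)
    missing_history = bool(expected_start and first and first > expected_start)
    return {
        "rows": rows,
        "unparsed": unparsed,
        "first": first,
        "last": last,
        "capped_at": capped_at,
        "missing_history": missing_history,
    }


def make_sample(n_rows, newest=datetime(2018, 10, 4, 1, 20, 0)):
    """Constructed export: n_rows rows, one per second, newest first."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow([TIME_COLUMN, "Source address", "Destination address", "Application"])
    for i in range(n_rows):
        stamp = (newest - timedelta(seconds=i)).strftime(TIME_FORMAT)
        writer.writerow([stamp, "10.0.0.5", "192.0.2.10", "ssl"])
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # A file that stops at the default cap while logs from June 2018 were expected.
    print(audit_export(make_sample(DEFAULT_MAX_ROWS), expected_start=datetime(2018, 6, 1)))
```

For a real export, pass `open(path, newline="")` instead of the constructed sample.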

by bspilde
on ‎10-31-2018 10:31 AM

@alestevez What firewalls are supported by Expedition now? I don't see this documented anywhere.

by HomerHsieh
‎10-31-2018 07:25 PM - edited ‎10-31-2018 07:27 PM

Hi, bspilde

You can refer to this document; it mentions Cisco, Fortinet, Check Point, Forcepoint, Juniper and IBM XGS.

https://www.paloaltonetworks.com/resources/datasheets/expedition-transformation-and-best-practices-a...

Homer

by bspilde
on ‎11-12-2018 12:17 PM
by nburrows
on ‎01-30-2019 02:15 AM

Hello, I am looking at migrating some McAfee (Stonesoft) firewalls (version 6.3.8) to a new Palo Alto estate and wondered if Expedition will be able to process the configurations. I appreciate that McAfee/Stonesoft isn't supported natively, but wondered if the Forcepoint modules in Expedition extend to the newer versions of McAfee code following the acquisition by Forcepoint. Appreciate the answer is probably 'No', but thought I would check. Thanks

by alestevez
on ‎01-30-2019 05:53 AM

@nburrows It should work; they probably didn't change the config. If you can, please verify it. Thanks

by SteveSirag
on ‎02-20-2019 11:54 AM

I'm finding nothing in these docs about how to access the GUI after you've downloaded and run the virtual machine. I can't browse to localhost, and although I can log into the CLI through the console, I am not seeing which IP/port combination I need to insert into the browser to reach the GUI.

What am I missing?
