Expedition Articles

Expedition Release Notes for Hotfixes

by alestevez on ‎06-01-2018 08:52 AM - edited Friday by dgildelaig (8,224 Views)


Release Notes:


Version 1.1.19

Date 16/05/2019


  • [MT-1001] - CSV import - do not allow Security policies to be imported into 'Shared'
  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly


  • [MT-1068] - CSV Parquet. Split CSV files into buckets based on available RAM. Reduce chances for memoryoverhead error

New Feature

  • [MT-1069] - environtmentParameters. Verify that all required parameters are defined via a healthcheck


Version 1.1.18

Date 13/05/2019


• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-1039] - Zone names - max characters is 31 - expedition recognizes only up to 15
• [MT-1046] - WebUI - Filter for Address --> Type needs to be corrected
• [MT-1059] - Slow performance - when removing unused objects
• [MT-1065] - Filters: duplicated Name & Value on AddressGroups


• [MT-858] - Usability improvement feature: Add status icon for Project exports
• [MT-1061] - Change "No rules configured" to "Select a vsys with rules"
• [MT-1067] - CSV Parquet. Use available RAM



Version 1.1.17

Date 06/05/2019



  • [MT-403] - CISCO. The field devicegroup shows "default" instead of filename
  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-961] - ScreenOS - service configs with multiple ports and protocols with SRC settings not migrating correctly
  • [MT-1048] - Dashboard - Disk Space message - updated Live Community link
  • [MT-1051] - TAG "merged" is used by objects but not exported to the XML
  • [MT-1052] - Edit Security Rules: add/edit tag change with id
  • [MT-1056] - Policy count reporting error. Vsys "all" will not display security rules.
  • [MT-1057] - WebUI - wording changes


  • [MT-999] - Mark Checkpoint policies with a Warning when migrated from an action not set to allow or deny
  • [MT-1012] - UI wording change - Search and Replace - change 'VSYS' to 'VSYS / DG'


Version 1.1.16

Date 30/04/2019


• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
• [MT-994] - Address merge - perform a precheck for Ghost objects. Do not let ghost objects to be merged
• [MT-1004] - Virtual Router - Route sorting not working
• [MT-1017] - Add LACP Port Priority on Interface when type is Aggregate Ethernet (reported by Luke)
• [MT-1027] - ASA migration - failing to complete the migration
• [MT-1029] - Add Tag Column on Grid Applications
• [MT-1030] - PANOS. Panoram read-only. Dont create it if max id is 0
• [MT-1031] - XML generation - <import> - importing unneeded interfaces causing commit to fail
• [MT-1032] - Checkpoint R80.20 - Address groups not being migrated
• [MT-1033] - Interfaces: update interfaces on other tables
• [MT-1042] - CSV. After read the content of a csv file go to PAGE1 by default.
• [MT-1043] - CISCO. Support for address-group security in ACLs
• [MT-1044] - Warning Logs from Address Groups


New Feature

• [MT-759] - Add TAGS to merged objects (address and services) and policies (security and NAT)
• [MT-849] - Add Tags to multiple address objects (multiedit)
• [MT-1026] - CSV Import - add option to delete lines


• [MT-844] - API Key. Make the request in background
• [MT-864] - Export: Change to Job
• [MT-1010] - NAT policy export - add column and values for 'Translation Type'
• [MT-1013] - Add on Objects: selected item from right click on Menú options
• [MT-1016] - WebUI change - App-ID adoption
• [MT-1035] - Address. Improve performance to process address and address groups
• [MT-1037] - IRON-SKILLET. Add templates for version 9.0
• [MT-1038] - Change report name - M.LEARNING Traffic report
• [MT-1045] - CSV. AutoMap Columns based on CSV Header



Version 1.1.15

Date 15/04/2019


  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-1007] - XML generation - inserting invalid tunnel interface configuration
  • [MT-1008] - App-Override - Transform App to Service is generation an incorrect timeout
  • [MT-1019] - Merge - cannot merge 'Log forwarding profile'
  • [MT-1020] - Service Merge. Error while merging two services

New Feature

  • [MT-759] - Add TAGS to merged objects and policies


  • [MT-1014] - Increase height of the window that shows the results of the merge


Version 1.1.14

Date 12/04/2019



  • [MT-768] - Consolidate - do not mix and match rules with services and applications
  • [MT-1000] - Expedition Exporting Configuration with "read-only" (reported by Luke)


Version 1.1.13

Date 10/04/2019


  • [MT-757] - MERGE - issue found when setting unused object as primary for merge
  • [MT-937] - Web UI - Remove the "Register as Regions" button
  • [MT-942] - XML generation - orphan XML tag being added
  • [MT-953] - Rule merge all results
  • [MT-986] - WebUI - (Predefined) Nat noNAT not working correctly
  • [MT-998] - Web UI - graphic not rendering correctly
  • [MT-1009] - Expedition Cross Site Scripting in devices View (Description field)


  • [MT-308] - Verify all scripts in /bin have the sessionControl.php


  • [MT-975] - MULTI-EDIT - enable the 'Description' option
  • [MT-995] - Ghost object - replace the "/" in the name after transforming
  • [MT-996] - Wording change in UI


Version 1.1.11

Date 28/03/2019


  • [MT-947] - SRX migration - NAT rules not migrating Destination NAT rules correctly
  • [MT-958] - PROJECT. Prevent invalid names for Projects like "create" or "is"
  • [MT-964] - Dashboard. Calculate Ghost when source is not provided
  • [MT-966] - Dashboard. Invalid services do not consider groups with "any" inside
  • [MT-967] - CISCO. Creating service groups with tcp-udp services includes any service
  • [MT-968] - CISCO. Missing some implicit services due to being both tcp and udp
  • [MT-969] - Export to Excel: Nat rules, remove id) from name
  • [MT-972] - Save snapshot - not saving when the snapshot name has blank spaces

New Feature

  • [MT-917] - API Calls. Clear all API Calls.


  • [MT-956] - Dashboard statistics - only calculate unused objects for the most recent imported configuration
  • [MT-957] - Dashboard statistics - add a counter for rules and objects with warnings
  • [MT-959] - Check Used Objects. Calculate objects only for the new source
  • [MT-976] - API Output manager - expand the 'search' to include the 'XML Content'
  • [MT-978] - Dashboard. Include address groups with invalid references


Version 1.1.10

Date 21/03/2019


  • [MT-819] - SRX file migration failed - due to Invalid XML
  • [MT-932] - SRX - NAT policies not migrating correctly
  • [MT-939] - Service override settings need correction in the XML and API output
  • [MT-940] - SRX - migration stalls at importing NAT policies
  • [MT-949] - XML generation is Invalid - Dash in the description causing the failure

New Feature

  • [MT-200] - Convert Long structures to BigInt to support IPv6
  • [MT-941] - SRX - migration support for double NAT configurations
  • [MT-946] - WebUI - add a global indicator for the Expedition agent status
  • [MT-948] - CSV Logs. Show logs per days summary


  • [MT-952] - Update to Sencha 4.2.5


  • [MT-501] - CHECKPOINT R80. Importing objects some are missing
  • [MT-781] - Allow importing of new configurations to be displayed and edited
  • [MT-871] - Add a message after merging configurations
  • [MT-936] - Add a search for Device-Group and Template selections


Version 1.1.7

Date 28/02/2019

   [MT-874] - ZONES: Delete a used zone is performed without a warning
   [MT-879] - Saved Rule Name with the character "*"
   [MT-880] - Filters doesn't search by the character "*"
   [MT-885] - Application object import - commas are causing new lines to be created
   [MT-886] - DEVICES page load timing out causing remote exception when hundreds
   [MT-887] - XML generation failing due to VLAN configured object
   [MT-888] - R80 import - Address group missing some members
   [MT-890] - Iron skillet - base config not passing admin credentials
   [MT-894] - Filter - not matching predefined keywords 'none'
   [MT-897] - Import Project: error when are two or more directories on folder
   [MT-898] - Checkpoint. Missing members in nested groups
   [MT-901] - Zones - incorrect zone being deleted by mistake

   [MT-902] - Iron Skillet - 8.1 XML file not adding template
   [MT-903] - Iron skillet - not copying the MGMT IP information

   [MT-904] - Iron Skillet - API Output manager is generating invalid API requests for deviceconfig
   [MT-905] - Spelling correction - Best practices section
   [MT-908] - XSS in Migration Tool
   [MT-909] - Import/Export Applications ident-by-icmp-type

    [MT-877] - /boot out of space Added as Check from the Dashboard.
    [MT-891] - Iron skillet - Panorama config display enhancement
    [MT-907] - Fixed some Text Typos


Version 1.1.6

Date 14/02/2019

   * [MT-828] - LogConnector: Provide information about used data sources
   * [MT-876] - Change width “Description” column for all Excel export


Version 1.1.5

    * [MT-866] - ScreenOS. Fails importing security rules with hidden chars
    * [MT-872] - ScreenOS: SNMP service incorrectly loaded
    * [MT-860] - Filters. “Starts with” does not filter correctly

    * [MT-814] - Auto Zone Assigment: change title if nat or security policies
    * [MT-815] - Autozone: Bidirectional NATs are not correctly applied
    * [MT-863] - Allow reimporting a configuration with an existing name. Loaded with date suffix


Version 1.1.4

Date 02/05/2019


  • [MT-767] - Consolidate - do not include 'Deny' rules to consolidate if other rules are set to accept
  • [MT-811] - Cisco ASA migration - Auto Zone Assign not calculating the zones for Security rules correctly
  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule
  • [MT-820] - GlobalProtect configuration missing in Expedition tool
  • [MT-823] - Policy Filter in Expedition with option NOT IN NETWORK
  • [MT-826] - Services: override unexpected here. Discarding.
  • [MT-827] - Rule Enrichment: doesn't import correctly application-default
  • [MT-829] - Rule Enrichment: doesn't have save snapshot
  • [MT-834] - Export/Output: Disable override doesnt generated correctly
  • [MT-837] - Export/Output: services with protocol SCTP doesnt generated correctly
  • [MT-842] - LDAP. Authentication not working correctly
  • [MT-845] - Policy Filter with option NOT IN NETWORK doesn’t work
  • [MT-857] - SRX parser - not adding nested service groups
  • [MT-859] - Rule Enrichment: doesn't import correctly source/destination


New Feature

  • Under LDAP servers a new field has been added (account prefix)
  • Now Expedition calculates for all the rules if they are L7 or L4 only.
  • [MT-698] - New Predefined Filter. L4 and L7 Rules
  • [MT-850] - The Discovery window has been splitter in two windows one for ML and another one for Rule Enrichment
  • The ML and RE now supports IPv6 addresses within the logs
  • Expedition will verify if you have access to the logs folder for ML and RE
  • Runtime feedback added while RE and ML is running from the view.
  • [MT-812] - Update BPA Security Policies View with the new Fields
  • [MT-833] - ML: RE: Added Unknown applications to the Analysis
  • [MT-843] - UserRoles. Do not allow SuperUser to change own role
  • Expedition can import the same configuration name into the same project by automatically renaming them with the date-time at the end of the filename.


Version 1.1.2

Date 28/12/2018


  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule


  • [MT-814] - Auto Zone Assigment: change  window title if its nat or security policies
  • [MT-815] - Autozone: Bidirectional NATs are not correctly applied


Version 1.1.1

Date 19/12/2018


  • [MT-812] - Updated Best Practices. The Security Policies View. Updated the Grid Columns


  • Iron-Skillet. Version 1.1 didnt get all the components needed to run IronSkillet. Fixed in 1.1.1



Version 1.1

Date 14/12/2018


  • [MT-407] - Filtering by Nat zone TO doesn't work
  • [MT-597] - Output: Merge zones in the Template
  • [MT-599] - Consolidation: Check for duplicated profiles
  • [MT-602] - Bug with ML server export
  • [MT-604] - Device image models are not rendered correctly.
  • [MT-608] - Rule Enrichment: Add to Existing Rules
  • [MT-622] - FW: Latest Version of Expedition doesn't delete Service Objects
  • [MT-628] - Issue with Custom App-IDs in Expedition
  • [MT-634] - Truncate Names Rules Names/Description v.8.0
  • [MT-636] - ASA Config: Any in group to service
  • [MT-648] - Remote exception when filtering for unused address object groups
  • [MT-651] - New bug detected in 1.0.101 (Email) Duplicated Name, Filter
  • [MT-765] - Update name schedules/log forwarding/zones/monitor, selected ids from rules by source and vsys
  • [MT-766] - Log Forwarding / Schedule: if it's removed need to be removed from rules too.
  • [MT-800] - Tab Click on Policies does not render correctly
  • [MT-808] - Export: output. Remove new policies QoS, PBF, etc.

New Feature

  • [MT-424] - Add Filter Target and Set Add, Remove, Update target etc
  • [MT-600] - Add button Test on Servers
  • [MT-603] - New windows for Test Connection LDAP and Radius
  • [MT-618] - Address: Add Transform IPAddress to object
  • [MT-779] - Add Other Rules: check version 7


  • [MT-792] - LDAP: remove admin from test window


  • [MT-638] - Add Other Rules Import
  • [MT-650] - Add Other Rules: calculate used objects
  • [MT-728] - Unify the two menus of the objects (Address / Address Groups)
  • [MT-729] - Unify the two menus of the objects (Services / Services Groups)
  • [MT-734] - Settings - Servers - LDAP/RADIUS
  • Added Best Practices version 3.6.3
  • Added Iron Skillet under Import -> Palo Alto


Hotfix 1.0.109

Date 10/12/2018


  • [MT-756] - PALOALTO. Some Url categories from PANDB are lost when Expedition imports a Panos Configuration
  • [MT-795] - App-ID PDF Report. Fields with ANY are rendered with the previous value.
  • [MT-804] - Export: output, drag & drop shared response pages fails to merge with the Base Configuration
  • [MT-805] - Export: output API Calls doesn't generate GlobalProtect IPSec Crypto
  • [MT-806] - Export: output API Calls doesn't generate Tunnel Monitor from IPSec Tunnel


  • [MT-475] - Reviewed support for VPN IPSEC in Panos version 8.1
  • [MT-797] - Data Analysis. Added support for Logs from PANOS 9.0.0 beta
  • [MT-798] - Rule ML: Verify if parquet folders exist before execute the analysis
  • [MT-799] - Rule ML: Define default input and output folders
  • [MT-801] - STONESOFT: Load template NAT rules
  • [MT-802] - STONESOFT: Multiple services in NAT rules not loaded


Hotfix 1.0.108

Date 30/11/2018


  • [MT-744] - Reviewed Consolidation Issues: sometime the zones are lost.
  • [MT-748] - Enable or Disable from menu: add/delete Target when is Panorama
  • [MT-760] - Import Palo Alto: Monitor Profile empty action, interval and threshold
  • [MT-763] - Filters by Tag: doesn't work "not contain" and "not equal"
  • [MT-769] - External List: if is removed, Was not removed from rules.
  • [MT-772] - CISCO: ASA migration enhancement request: service as null
  • [MT-773] - Filters: doesnt work negated filters (not equal, not contains)
  • [MT-774] - Add Prefix. Affects to predefined Objects like application-default
  • [MT-775] - Export: output duplicated predefined objects to shared
  • [MT-778] - Export: output API Output Manager doesnt load devices
  • [MT-788] - Dynamic Address Groups, Add TAGs to export as Excel.
  • [MT-789] - Known Applications: create rule: Icons Source/Destination are not rendered correctly
  • [MT-790] - App-ID Reconciliation Reviewed.


  • [MT-787] - LDAP: Test change method from GET to POST


  • [MT-753] - Add options from Rule Action to Bulk Changes on Appoverride Rule's Menu
  • [MT-754] - CSV Import. Static Routes. Rewording Gateway by NextHop
  • [MT-755] - CSV Import. Static Routes. If interface is set and NextHop too add both
  • [MT-783] - Query the summary logs for log analysis. App-ID now can query summary database instead the raw log.


Hotfix 1.0.106

Date 10/01/2018


  • [MT-677] - CHECKPOINT. Add Target to NAT Rules
  • [MT-678] - CHECKPOINT. Read Headers for NAT as we do for Security
  • [MT-683] - CHECKPOINT. Negated Services in Rule
  • [MT-684] - Activate Rule Actions via rightclick (Nat)
  • [MT-692] - Combine rules from Main Menu
  • [MT-695] - Remapping Interfaces on a Panos configuration added interface in source nat.
  • [MT-708] - SRX. Interfaces not imported due to single quotes in comments
  • [MT-709] - Objects. Address and Groups View. Tag is not shown correctly
  • [MT-713] - Fix duplicated rule name with the maximum name length according to the version


  • [MT-686] - Unify the two menus of the rules (Nat)
  • [MT-688] - Add Option "Select All Rules"
  • [MT-691] - Menu Nat rules: set "selection" or "all rules" from all options
  • [MT-717] - STONESOFT. Added support for multiple policy jumps


Hotfix 1.0.105

Date 09/19/2018


  • [MT-263] - Activate ML/RE rules via rightclick without clicking firs with the left button.
  • [MT-676] - MultiEdit changed parameters from GET to POST
  • [MT-679] - Activate Set as Primary objects via rightclick without clicking firs with the left button.
  • [MT-680] - Activate Rule Actions via rightclick (Security) without clicking firs with the left button.
  • [MT-681] - CombineSecurity rules from Main Menu was not working properly
  • [MT-682] - CISCO. The function addPrefixSuffix was removed. Added again to avoid import crash if ipsec tunnels defined.
  • [MT-685] - Activate Rule Actions via rightclick (Application Override) without clicking firs with the left button.
  • [MT-689] - STONESOFT. Some member groups where created as duplicated objects because the naming
  • [MT-693] - STONESOFT. Address differenciate between IPv4 and IPv6
  • [MT-705] - Add "Case Sensitive" on Menu option: "Search&Replace"
  • [MT-706] - Export: Source configuration: missing Applications Groups

New Features:

  • [MT-360] - Improve Rule Search to include "by ID" in the search not just by name
  • [MT-701] - Rule Menus: Added option "All Rules" to "Add Serial" to all the selection


  • [MT-86] - Output: Drop Apps into Shared: AppGroups where not moved properly
  • [MT-519] - Join the two menus of the rules (Security)
  • [MT-613] - Add Filter: (Predefined) Rules with Users
  • [MT-687] - Join the two menus of the rules (Application Override)
  • [MT-700] - STONESOFT. Use Objects in Memory for speed up migrations
  • [MT-704] - Search & Replace: add Id] on grid "Replace"



Hotfix 1.0.104

Date 09/03/2018


  • [MT-633] - Virtual Routes: edit static routes doesnt oder by column

  • [MT-667] - Consolidations/Merge Nats

  • [MT-668] - MERGE Objects. The Descriptions are appended even they are equal

  • [MT-669] - Error JavaScript ServerProxy store Translation Type on Nat Editor

  • [MT-672] - Remote exception when filtering for unused when clicked on Dashboard

  • [MT-673] - Cloned Rule Nat

  • [MT-674] - STONESOFT. Cidr from objects are not imported

  • [MT-675] - STONESOFT. After GroupMember2IdAddress_improved new dummy objects were created

New Functions:

  • [MT-577] - Project Import. Verify the size of the file is smaller than MAX
  • [MT-670] - Filters Nat/App override Policies: Add filter with Target


Hotfix 1.0.103

Date 08/28/2018


  • [MT-654] - Tools: cloned rule exceeds the max lenght.
  • [MT-661] - Merge by value. Descriptions were incorrectly merged between objects.
  • [MT-663] - Missing options to calculate invalid services
  • [MT-666] - Rule Enrichment is not importing discovered rules

New Functions:

  • [MT-662] - SNIPPETS. Add new type SPYWARE



Hotfix 1.0.92

Date 06/22/2018


  • Output generation was broken if non utf characters or "&" were found in the description fields. 

New Functions:

  • Stonesoft: Added support for refuse action to be mapped with reset-both instead of drop


Hotfix 1.0.91

Date 06/21/2018


  • Cisco Nats: Improved the support for object nats.

New Functions:

  • Added Best Practices version 3.0.6
  • After the Update you have to run an script to update to python36
      sudo bash /var/www/html/OS/BPA/updateBPA306.sh


by axtiooon
on ‎08-07-2018 05:51 AM

Hi, what about the newer versions 1.0.100 ... maybe its possible to show the changelog directly in the tools dashboard.


Thanks in advance,


by Gun-Slinger
on ‎09-28-2018 07:12 AM

Where do you find the HF's for download?

by asheikh
on ‎10-02-2018 05:39 PM

HI Gun-Slinger

Please follow the normal upgrade process to upgrade to latest version


by AlexSieber
on ‎12-28-2018 08:20 AM

the 1.1.1 release unfortunately still suffers the "type" problem when creating ldap servers:



by srogatnev
a week ago



Can you pls point out to a link for "normal upgrade process" ? Thanks