Expedition Release Notes for Hotfixes

Expedition Release Notes for Hotfixes


Release Notes:

Version 1.1.24

Date 12/06/2019


  • [MT-1087] - Web UI - multiple refreshes automatically after upgrade to 1.1.21
  • [MT-1091] - Interfaces: when edit lost IP Address
  • [MT-1092] - XML generation - failing to generate XML file
  • [MT-1095] - Interfaces: remove Link Settings from Vlan, Loopback and Tunnel
  • [MT-1096] - Interfaces Log Card/Decrypt Mirror: Import/Edit/Export
  • [MT-1098] - Interfaces: remove field Type from Vlan, Loopback and Tunnel
  • [MT-1103] - JOBS Listing. Include STARTED tasks in the view of pending
  • [MT-1104] - Spark Log. Create entry for RuleDistanceCalculator
  • [MT-1109] - CSV Summary. Perform the summary on HA device as well


  • [MT-1106] - Script New Installation. Located in /var/www/html/OS/installation


  • [MT-1100] - HealthCheck Jobs. Verify all the jobs are correctly reported
  • [MT-1101] - Device Reload. Force device reload on "reload", not on tab click
  • [MT-1102] - Snippet Reload. Force snippet reload on "reload", not on tab click


Version 1.1.23

Date 2/06/2019


  • [MT-1105] - GUI Logging loop. Control when backend does not report correctly a valid login.


Version 1.1.22

Date 30/05/2019


  • [MT-1050] - CISCO. upd www not created correctly (reported by R. Ouaini)


  • [MT-571] - SPARK: ML_NewRules Reduce time and memory consumption
  • [MT-1006] - Devices - hide the API key's
  • [MT-1060] - ASA migration - migrate service 'domain' as TCP/UDP 53
  • [MT-1074] - Interfaces: Add PagingToolbar
  • [MT-1086] - Policies. Show again the "all" rules
  • [MT-1089] - Discovery Button: Make it all clickable
  • [MT-1093] - Spark CSV. Improve memory and disk usage for debug


Version 1.1.21

Date 27/05/2019


  • [MT-1036] - Rule Enrichment - App-ID being included in imported rules with 'Application' unchecked
  • [MT-1078] - CSV Import - Import of security policies not incrementing Rule ID's correctly


  • [MT-1084] - CSV Autoprocess. Show current system time for autoprocess assistance
  • [MT-1085] - CSV rights. Script to modify CSV log rights to emable www-data delete the files


Version 1.1.20

Date 24/05/2019


  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly
  • [MT-1070] - Panorama: add on Interface Type: "Log Card", "Decrypt Mirror"
  • [MT-1075] - Predefined Filter “Duplicated Name” Not Worked as Expected


  • [MT-1005] - CSV Import - services add field for source port
  • [MT-1071] - CSV Logs. Schedule log processing (autoprocessing)
  • [MT-1081] - HealthCheck Summary to fast spot healthcheck issues
  • [MT-1082] - HealthCheck. Verify Temp Data Structure rights
  • [MT-1083] - Spark. Separate temp data structure from parquet paths


Version 1.1.19

Date 16/05/2019


  • [MT-1001] - CSV import - do not allow Security policies to be imported into 'Shared'
  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly


  • [MT-1068] - CSV Parquet. Split CSV files into buckets based on available RAM. Reduce chances for memoryoverhead error

New Feature

  • [MT-1069] - environtmentParameters. Verify that all required parameters are defined via a healthcheck


Version 1.1.18

Date 13/05/2019


• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-1039] - Zone names - max characters is 31 - expedition recognizes only up to 15
• [MT-1046] - WebUI - Filter for Address --> Type needs to be corrected
• [MT-1059] - Slow performance - when removing unused objects
• [MT-1065] - Filters: duplicated Name & Value on AddressGroups


• [MT-858] - Usability improvement feature: Add status icon for Project exports
• [MT-1061] - Change "No rules configured" to "Select a vsys with rules"
• [MT-1067] - CSV Parquet. Use available RAM



Version 1.1.17

Date 06/05/2019



  • [MT-403] - CISCO. The field devicegroup shows "default" instead of filename
  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-961] - ScreenOS - service configs with multiple ports and protocols with SRC settings not migrating correctly
  • [MT-1048] - Dashboard - Disk Space message - updated Live Community link
  • [MT-1051] - TAG "merged" is used by objects but not exported to the XML
  • [MT-1052] - Edit Security Rules: add/edit tag change with id
  • [MT-1056] - Policy count reporting error. Vsys "all" will not display security rules.
  • [MT-1057] - WebUI - wording changes


  • [MT-999] - Mark Checkpoint policies with a Warning when migrated from an action not set to allow or deny
  • [MT-1012] - UI wording change - Search and Replace - change 'VSYS' to 'VSYS / DG'


Version 1.1.16

Date 30/04/2019


• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
• [MT-994] - Address merge - perform a precheck for Ghost objects. Do not let ghost objects to be merged
• [MT-1004] - Virtual Router - Route sorting not working
• [MT-1017] - Add LACP Port Priority on Interface when type is Aggregate Ethernet (reported by Luke)
• [MT-1027] - ASA migration - failing to complete the migration
• [MT-1029] - Add Tag Column on Grid Applications
• [MT-1030] - PANOS. Panoram read-only. Dont create it if max id is 0
• [MT-1031] - XML generation - <import> - importing unneeded interfaces causing commit to fail
• [MT-1032] - Checkpoint R80.20 - Address groups not being migrated
• [MT-1033] - Interfaces: update interfaces on other tables
• [MT-1042] - CSV. After read the content of a csv file go to PAGE1 by default.
• [MT-1043] - CISCO. Support for address-group security in ACLs
• [MT-1044] - Warning Logs from Address Groups


New Feature

• [MT-759] - Add TAGS to merged objects (address and services) and policies (security and NAT)
• [MT-849] - Add Tags to multiple address objects (multiedit)
• [MT-1026] - CSV Import - add option to delete lines


• [MT-844] - API Key. Make the request in background
• [MT-864] - Export: Change to Job
• [MT-1010] - NAT policy export - add column and values for 'Translation Type'
• [MT-1013] - Add on Objects: selected item from right click on Menú options
• [MT-1016] - WebUI change - App-ID adoption
• [MT-1035] - Address. Improve performance to process address and address groups
• [MT-1037] - IRON-SKILLET. Add templates for version 9.0
• [MT-1038] - Change report name - M.LEARNING Traffic report
• [MT-1045] - CSV. AutoMap Columns based on CSV Header



Version 1.1.15

Date 15/04/2019


  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-1007] - XML generation - inserting invalid tunnel interface configuration
  • [MT-1008] - App-Override - Transform App to Service is generation an incorrect timeout
  • [MT-1019] - Merge - cannot merge 'Log forwarding profile'
  • [MT-1020] - Service Merge. Error while merging two services

New Feature

  • [MT-759] - Add TAGS to merged objects and policies


  • [MT-1014] - Increase height of the window that shows the results of the merge


Version 1.1.14

Date 12/04/2019



  • [MT-768] - Consolidate - do not mix and match rules with services and applications
  • [MT-1000] - Expedition Exporting Configuration with "read-only" (reported by Luke)


Version 1.1.13

Date 10/04/2019


  • [MT-757] - MERGE - issue found when setting unused object as primary for merge
  • [MT-937] - Web UI - Remove the "Register as Regions" button
  • [MT-942] - XML generation - orphan XML tag being added
  • [MT-953] - Rule merge all results
  • [MT-986] - WebUI - (Predefined) Nat noNAT not working correctly
  • [MT-998] - Web UI - graphic not rendering correctly
  • [MT-1009] - Expedition Cross Site Scripting in devices View (Description field)


  • [MT-308] - Verify all scripts in /bin have the sessionControl.php


  • [MT-975] - MULTI-EDIT - enable the 'Description' option
  • [MT-995] - Ghost object - replace the "/" in the name after transforming
  • [MT-996] - Wording change in UI


Version 1.1.11

Date 28/03/2019


  • [MT-947] - SRX migration - NAT rules not migrating Destination NAT rules correctly
  • [MT-958] - PROJECT. Prevent invalid names for Projects like "create" or "is"
  • [MT-964] - Dashboard. Calculate Ghost when source is not provided
  • [MT-966] - Dashboard. Invalid services do not consider groups with "any" inside
  • [MT-967] - CISCO. Creating service groups with tcp-udp services includes any service
  • [MT-968] - CISCO. Missing some implicit services due to being both tcp and udp
  • [MT-969] - Export to Excel: Nat rules, remove id) from name
  • [MT-972] - Save snapshot - not saving when the snapshot name has blank spaces

New Feature

  • [MT-917] - API Calls. Clear all API Calls.


  • [MT-956] - Dashboard statistics - only calculate unused objects for the most recent imported configuration
  • [MT-957] - Dashboard statistics - add a counter for rules and objects with warnings
  • [MT-959] - Check Used Objects. Calculate objects only for the new source
  • [MT-976] - API Output manager - expand the 'search' to include the 'XML Content'
  • [MT-978] - Dashboard. Include address groups with invalid references


Version 1.1.10

Date 21/03/2019


  • [MT-819] - SRX file migration failed - due to Invalid XML
  • [MT-932] - SRX - NAT policies not migrating correctly
  • [MT-939] - Service override settings need correction in the XML and API output
  • [MT-940] - SRX - migration stalls at importing NAT policies
  • [MT-949] - XML generation is Invalid - Dash in the description causing the failure

New Feature

  • [MT-200] - Convert Long structures to BigInt to support IPv6
  • [MT-941] - SRX - migration support for double NAT configurations
  • [MT-946] - WebUI - add a global indicator for the Expedition agent status
  • [MT-948] - CSV Logs. Show logs per days summary


  • [MT-952] - Update to Sencha 4.2.5


  • [MT-501] - CHECKPOINT R80. Importing objects some are missing
  • [MT-781] - Allow importing of new configurations to be displayed and edited
  • [MT-871] - Add a message after merging configurations
  • [MT-936] - Add a search for Device-Group and Template selections


Version 1.1.7

Date 28/02/2019

   [MT-874] - ZONES: Delete a used zone is performed without a warning
   [MT-879] - Saved Rule Name with the character "*"
   [MT-880] - Filters doesn't search by the character "*"
   [MT-885] - Application object import - commas are causing new lines to be created
   [MT-886] - DEVICES page load timing out causing remote exception when hundreds
   [MT-887] - XML generation failing due to VLAN configured object
   [MT-888] - R80 import - Address group missing some members
   [MT-890] - Iron skillet - base config not passing admin credentials
   [MT-894] - Filter - not matching predefined keywords 'none'
   [MT-897] - Import Project: error when are two or more directories on folder
   [MT-898] - Checkpoint. Missing members in nested groups
   [MT-901] - Zones - incorrect zone being deleted by mistake

   [MT-902] - Iron Skillet - 8.1 XML file not adding template
   [MT-903] - Iron skillet - not copying the MGMT IP information

   [MT-904] - Iron Skillet - API Output manager is generating invalid API requests for deviceconfig
   [MT-905] - Spelling correction - Best practices section
   [MT-908] - XSS in Migration Tool
   [MT-909] - Import/Export Applications ident-by-icmp-type

    [MT-877] - /boot out of space Added as Check from the Dashboard.
    [MT-891] - Iron skillet - Panorama config display enhancement
    [MT-907] - Fixed some Text Typos


Version 1.1.6

Date 14/02/2019

   * [MT-828] - LogConnector: Provide information about used data sources
   * [MT-876] - Change width “Description” column for all Excel export


Version 1.1.5

    * [MT-866] - ScreenOS. Fails importing security rules with hidden chars
    * [MT-872] - ScreenOS: SNMP service incorrectly loaded
    * [MT-860] - Filters. “Starts with” does not filter correctly

    * [MT-814] - Auto Zone Assigment: change title if nat or security policies
    * [MT-815] - Autozone: Bidirectional NATs are not correctly applied
    * [MT-863] - Allow reimporting a configuration with an existing name. Loaded with date suffix


Version 1.1.4

Date 02/05/2019


  • [MT-767] - Consolidate - do not include 'Deny' rules to consolidate if other rules are set to accept
  • [MT-811] - Cisco ASA migration - Auto Zone Assign not calculating the zones for Security rules correctly
  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule
  • [MT-820] - GlobalProtect configuration missing in Expedition tool
  • [MT-823] - Policy Filter in Expedition with option NOT IN NETWORK
  • [MT-826] - Services: override unexpected here. Discarding.
  • [MT-827] - Rule Enrichment: doesn't import correctly application-default
  • [MT-829] - Rule Enrichment: doesn't have save snapshot
  • [MT-834] - Export/Output: Disable override doesnt generated correctly
  • [MT-837] - Export/Output: services with protocol SCTP doesnt generated correctly
  • [MT-842] - LDAP. Authentication not working correctly
  • [MT-845] - Policy Filter with option NOT IN NETWORK doesn’t work
  • [MT-857] - SRX parser - not adding nested service groups
  • [MT-859] - Rule Enrichment: doesn't import correctly source/destination


New Feature

  • Under LDAP servers a new field has been added (account prefix)
  • Now Expedition calculates for all the rules if they are L7 or L4 only.
  • [MT-698] - New Predefined Filter. L4 and L7 Rules
  • [MT-850] - The Discovery window has been splitter in two windows one for ML and another one for Rule Enrichment
  • The ML and RE now supports IPv6 addresses within the logs
  • Expedition will verify if you have access to the logs folder for ML and RE
  • Runtime feedback added while RE and ML is running from the view.
  • [MT-812] - Update BPA Security Policies View with the new Fields
  • [MT-833] - ML: RE: Added Unknown applications to the Analysis
  • [MT-843] - UserRoles. Do not allow SuperUser to change own role
  • Expedition can import the same configuration name into the same project by automatically renaming them with the date-time at the end of the filename.


Version 1.1.2

Date 28/12/2018


  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule


  • [MT-814] - Auto Zone Assigment: change  window title if its nat or security policies
  • [MT-815] - Autozone: Bidirectional NATs are not correctly applied


Version 1.1.1

Date 19/12/2018


  • [MT-812] - Updated Best Practices. The Security Policies View. Updated the Grid Columns


  • Iron-Skillet. Version 1.1 didnt get all the components needed to run IronSkillet. Fixed in 1.1.1



Version 1.1

Date 14/12/2018


  • [MT-407] - Filtering by Nat zone TO doesn't work
  • [MT-597] - Output: Merge zones in the Template
  • [MT-599] - Consolidation: Check for duplicated profiles
  • [MT-602] - Bug with ML server export
  • [MT-604] - Device image models are not rendered correctly.
  • [MT-608] - Rule Enrichment: Add to Existing Rules
  • [MT-622] - FW: Latest Version of Expedition doesn't delete Service Objects
  • [MT-628] - Issue with Custom App-IDs in Expedition
  • [MT-634] - Truncate Names Rules Names/Description v.8.0
  • [MT-636] - ASA Config: Any in group to service
  • [MT-648] - Remote exception when filtering for unused address object groups
  • [MT-651] - New bug detected in 1.0.101 (Email) Duplicated Name, Filter
  • [MT-765] - Update name schedules/log forwarding/zones/monitor, selected ids from rules by source and vsys
  • [MT-766] - Log Forwarding / Schedule: if it's removed need to be removed from rules too.
  • [MT-800] - Tab Click on Policies does not render correctly
  • [MT-808] - Export: output. Remove new policies QoS, PBF, etc.

New Feature

  • [MT-424] - Add Filter Target and Set Add, Remove, Update target etc
  • [MT-600] - Add button Test on Servers
  • [MT-603] - New windows for Test Connection LDAP and Radius
  • [MT-618] - Address: Add Transform IPAddress to object
  • [MT-779] - Add Other Rules: check version 7


  • [MT-792] - LDAP: remove admin from test window


  • [MT-638] - Add Other Rules Import
  • [MT-650] - Add Other Rules: calculate used objects
  • [MT-728] - Unify the two menus of the objects (Address / Address Groups)
  • [MT-729] - Unify the two menus of the objects (Services / Services Groups)
  • [MT-734] - Settings - Servers - LDAP/RADIUS
  • Added Best Practices version 3.6.3
  • Added Iron Skillet under Import -> Palo Alto


Hotfix 1.0.109

Date 10/12/2018


  • [MT-756] - PALOALTO. Some Url categories from PANDB are lost when Expedition imports a Panos Configuration
  • [MT-795] - App-ID PDF Report. Fields with ANY are rendered with the previous value.
  • [MT-804] - Export: output, drag & drop shared response pages fails to merge with the Base Configuration
  • [MT-805] - Export: output API Calls doesn't generate GlobalProtect IPSec Crypto
  • [MT-806] - Export: output API Calls doesn't generate Tunnel Monitor from IPSec Tunnel


  • [MT-475] - Reviewed support for VPN IPSEC in Panos version 8.1
  • [MT-797] - Data Analysis. Added support for Logs from PANOS 9.0.0 beta
  • [MT-798] - Rule ML: Verify if parquet folders exist before execute the analysis
  • [MT-799] - Rule ML: Define default input and output folders
  • [MT-801] - STONESOFT: Load template NAT rules
  • [MT-802] - STONESOFT: Multiple services in NAT rules not loaded


Hotfix 1.0.108

Date 30/11/2018


  • [MT-744] - Reviewed Consolidation Issues: sometime the zones are lost.
  • [MT-748] - Enable or Disable from menu: add/delete Target when is Panorama
  • [MT-760] - Import Palo Alto: Monitor Profile empty action, interval and threshold
  • [MT-763] - Filters by Tag: doesn't work "not contain" and "not equal"
  • [MT-769] - External List: if is removed, Was not removed from rules.
  • [MT-772] - CISCO: ASA migration enhancement request: service as null
  • [MT-773] - Filters: doesnt work negated filters (not equal, not contains)
  • [MT-774] - Add Prefix. Affects to predefined Objects like application-default
  • [MT-775] - Export: output duplicated predefined objects to shared
  • [MT-778] - Export: output API Output Manager doesnt load devices
  • [MT-788] - Dynamic Address Groups, Add TAGs to export as Excel.
  • [MT-789] - Known Applications: create rule: Icons Source/Destination are not rendered correctly
  • [MT-790] - App-ID Reconciliation Reviewed.


  • [MT-787] - LDAP: Test change method from GET to POST


  • [MT-753] - Add options from Rule Action to Bulk Changes on Appoverride Rule's Menu
  • [MT-754] - CSV Import. Static Routes. Rewording Gateway by NextHop
  • [MT-755] - CSV Import. Static Routes. If interface is set and NextHop too add both
  • [MT-783] - Query the summary logs for log analysis. App-ID now can query summary database instead the raw log.


Hotfix 1.0.106

Date 10/01/2018


  • [MT-677] - CHECKPOINT. Add Target to NAT Rules
  • [MT-678] - CHECKPOINT. Read Headers for NAT as we do for Security
  • [MT-683] - CHECKPOINT. Negated Services in Rule
  • [MT-684] - Activate Rule Actions via rightclick (Nat)
  • [MT-692] - Combine rules from Main Menu
  • [MT-695] - Remapping Interfaces on a Panos configuration added interface in source nat.
  • [MT-708] - SRX. Interfaces not imported due to single quotes in comments
  • [MT-709] - Objects. Address and Groups View. Tag is not shown correctly
  • [MT-713] - Fix duplicated rule name with the maximum name length according to the version


  • [MT-686] - Unify the two menus of the rules (Nat)
  • [MT-688] - Add Option "Select All Rules"
  • [MT-691] - Menu Nat rules: set "selection" or "all rules" from all options
  • [MT-717] - STONESOFT. Added support for multiple policy jumps


Hotfix 1.0.105

Date 09/19/2018


  • [MT-263] - Activate ML/RE rules via rightclick without clicking firs with the left button.
  • [MT-676] - MultiEdit changed parameters from GET to POST
  • [MT-679] - Activate Set as Primary objects via rightclick without clicking firs with the left button.
  • [MT-680] - Activate Rule Actions via rightclick (Security) without clicking firs with the left button.
  • [MT-681] - CombineSecurity rules from Main Menu was not working properly
  • [MT-682] - CISCO. The function addPrefixSuffix was removed. Added again to avoid import crash if ipsec tunnels defined.
  • [MT-685] - Activate Rule Actions via rightclick (Application Override) without clicking firs with the left button.
  • [MT-689] - STONESOFT. Some member groups where created as duplicated objects because the naming
  • [MT-693] - STONESOFT. Address differenciate between IPv4 and IPv6
  • [MT-705] - Add "Case Sensitive" on Menu option: "Search&Replace"
  • [MT-706] - Export: Source configuration: missing Applications Groups

New Features:

  • [MT-360] - Improve Rule Search to include "by ID" in the search not just by name
  • [MT-701] - Rule Menus: Added option "All Rules" to "Add Serial" to all the selection


  • [MT-86] - Output: Drop Apps into Shared: AppGroups where not moved properly
  • [MT-519] - Join the two menus of the rules (Security)
  • [MT-613] - Add Filter: (Predefined) Rules with Users
  • [MT-687] - Join the two menus of the rules (Application Override)
  • [MT-700] - STONESOFT. Use Objects in Memory for speed up migrations
  • [MT-704] - Search & Replace: add Id] on grid "Replace"



Hotfix 1.0.104

Date 09/03/2018


  • [MT-633] - Virtual Routes: edit static routes doesnt oder by column

  • [MT-667] - Consolidations/Merge Nats

  • [MT-668] - MERGE Objects. The Descriptions are appended even they are equal

  • [MT-669] - Error JavaScript ServerProxy store Translation Type on Nat Editor

  • [MT-672] - Remote exception when filtering for unused when clicked on Dashboard

  • [MT-673] - Cloned Rule Nat

  • [MT-674] - STONESOFT. Cidr from objects are not imported

  • [MT-675] - STONESOFT. After GroupMember2IdAddress_improved new dummy objects were created

New Functions:

  • [MT-577] - Project Import. Verify the size of the file is smaller than MAX
  • [MT-670] - Filters Nat/App override Policies: Add filter with Target


Hotfix 1.0.103

Date 08/28/2018


  • [MT-654] - Tools: cloned rule exceeds the max lenght.
  • [MT-661] - Merge by value. Descriptions were incorrectly merged between objects.
  • [MT-663] - Missing options to calculate invalid services
  • [MT-666] - Rule Enrichment is not importing discovered rules

New Functions:

  • [MT-662] - SNIPPETS. Add new type SPYWARE



Hotfix 1.0.92

Date 06/22/2018


  • Output generation was broken if non utf characters or "&" were found in the description fields. 

New Functions:

  • Stonesoft: Added support for refuse action to be mapped with reset-both instead of drop


Hotfix 1.0.91

Date 06/21/2018


  • Cisco Nats: Improved the support for object nats.

New Functions:

  • Added Best Practices version 3.0.6
  • After the Update you have to run an script to update to python36
      sudo bash /var/www/html/OS/BPA/updateBPA306.sh



Hi, what about the newer versions 1.0.100 ... maybe its possible to show the changelog directly in the tools dashboard.


Thanks in advance,


Where do you find the HF's for download?

HI Gun-Slinger

Please follow the normal upgrade process to upgrade to latest version


the 1.1.1 release unfortunately still suffers the "type" problem when creating ldap servers:





Can you pls point out to a link for "normal upgrade process" ? Thanks