Expedition was conceived to reduce the time and effort a security admin needs to improve and optimize their Palo Alto Networks configurations. Following that effort, we have added support within Expedition not only to run a BPA analysis but also to remediate some of the failed checks (all related to Device Config), and now integration with the IronSkillet project: https://github.com/PaloAltoNetworks/iron-skillet
Generate the XML configuration by running this command from the CLI:
show configuration | display xml | no-more
Before you import a Juniper SRX into Expedition, there are some manual checks we can do to verify the migration will work.
The configuration must start with the <configuration> tag only. Replace everything before or inside that tag with just <configuration>.
The configuration must end with </configuration>. Any text after it must be removed.
Here's an example of how an SRX config should look after you edit it:
<configuration> .... .... </configuration>
To validate integrity, it is good practice to open the XML file in the Firefox browser: if something breaks the XML integrity, Firefox will tell you which line has an invalid character. You must replace the invalid character before uploading the file to Expedition.
This is an example of a wrong configuration. It seems someone created the file but stored it with wrong line breaks, so Firefox will complain about the format.
If we edit the file, we can see this at line 911 of the config file:
<pre-shared-key> <ascii-text>$9$4xxxxxxxxxxxx</asc ii-text> </pre-shared-key>
To fix this example, remove the line break after </asc so that it reads:
<pre-shared-key> <ascii-text>$9$4xxxxxxxxxxxx</ascii-text> </pre-shared-key>
Fix all the problems before importing into Expedition.
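The same checks can be scripted locally, which keeps a file full of $9$ pre-shared keys out of third-party validators. This is an added example, not part of Expedition: the function names and the sample capture (including its rpc-reply wrapper) are constructed for illustration.

```python
import re
import xml.parsers.expat

# Constructed sample: CLI output with wrapper text around <configuration>
# and the broken </asc / ii-text> line break described above.
SAMPLE = """user@srx> show configuration | display xml | no-more
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/example/junos">
<configuration junos:commit-seconds="0">
<pre-shared-key>
<ascii-text>$9$4xxxxxxxxxxxx</asc
ii-text>
</pre-shared-key>
</configuration>
<cli><banner></banner></cli>
</rpc-reply>
"""

def trim_to_configuration(text):
    """Drop everything before/inside the opening tag and after the closing tag."""
    start = re.search(r"<configuration(?:\s[^>]*)?>", text)
    end = text.rfind("</configuration>")
    if start is None or end < start.end():
        raise ValueError("no <configuration> ... </configuration> block found")
    return "<configuration>" + text[start.end():end] + "</configuration>"

def check_well_formed(xml_text):
    """Return None if the XML parses, else (line, column, reason).

    Line numbers refer to the trimmed text, i.e. the file you would upload.
    """
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse(xml_text, True)
    except xml.parsers.expat.ExpatError as err:
        return (err.lineno, err.offset, xml.parsers.expat.ErrorString(err.code))
    return None

if __name__ == "__main__":
    trimmed = trim_to_configuration(SAMPLE)
    problem = check_well_formed(trimmed)
    if problem:
        print("line %d, column %d: %s" % problem)
    else:
        print("well-formed, ready to import")
```

Repeat the check after each manual fix until it reports no error, then upload the trimmed file.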
Hope this helps.