Expedition 1 on Ubuntu 20.04 Server

cancel
Showing results for 
Search instead for 
Did you mean: 
L5 Sessionator
Did you find this article helpful? Yes No
No ratings

Hello!

 

We know you are all concerned on having the Expedition tool on an old not-supported Ubuntu. You had requested several times to increase support for newer versions of the OS, and we have finally reached to the point we can present Expedition on Ubuntu 20.04 LTS.

 

We have updated our Expedition installer and some internal modules (Spark codes, database structures and webserver backend) to be able to support the tool installation on the current Ubuntu 20.04 LTS.

The installation process is very similar as it used to be, but to help you in the task, we have written an Instructions document with multiple images that will certainly guide you.

 

And, on top of all this, we are providing a Transfer Assistant that will help you transferring all your Expedition projects, devices, user credentials, traffic logs, etc. from your old Expedition to a new one.

 
You will find the Installation document in our Expedition Documents section:
 
Let's start a new Expedition together!
Rate this article:
Comments
L1 Bithead

Quick note -- just did a fresh install on this as documented, but the ML IP was not reachable.  It was subtle issue -- the IP field looked right, but had a trailing space.  Once corrected, the problem resolved.

L0 Member

Where can we find the installer for the Ubuntu 20.04 version? 

 

The installer from the link on the main Expedition page appears to not be pointing the newer version. I get an error saying the installer is for 16.04 and that I'm running 20.04.

L5 Sessionator

Hi @crumford  Please access the installation guide here: https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619?attach...

 

There is a link to download the installer. 

L0 Member

Which Ubuntu 20.04 edition is it? The headers refer to 64-bits ARM, but the screenshots in some cases refer to 64-bits AMD.

L5 Sessionator

Current latest version is v20.04.03 LTS , please see below screenshot:

 

Screen Shot 2021-09-24 at 10.53.36 AM.png

L4 Transporter

Hi

I have an existing Ubuntu 16.04 server running Expedition v1.1.68.

 

Will that still work to migrate an SRX?  Can I update Expedition to the latest hotfix or do I need to upgrade to Ubuntu 20.04?

 

I'm on a time crunch so I don't really have enough time to spend on an upgrade 😞

 

Thanks!

L5 Sessionator

You can upgrade the expedition to the latest by issue below two commands

 

$sudo apt-get update

$sudo apt-get install expedition-beta

L4 Transporter

Thanks.  Sorry if this is documented somewhere (I didn't setup our Expedition server and the person who did no longer works here), but after everything runs there are these two lines at the end:

 

its recommended to run after install: apt-get -y -f install
its recommended to run after install: sudo apt-get autoremove

 

Do I need to run these commands? I did confirm that the GUI shows the latest version.

L5 Sessionator

Yes, it's recommended to run both commands after you upgrade the expedition package. 

$sudo apt-get -y -f install

$sudo apt-get autoremove

L2 Linker

Hi Everyone

 

We did a fresh install of Ubuntu 20.04 and Expedition with the new installer.

For us there are two things not working

- Radius Authentication 

- ML Learning > Processing files

 

Details:

- Radius Authentication:

we can configure the Radius Server but doing a "test" will only show "error" nothing more. On our old Expedition Server we get a error message if the User was rejected or if auth was successful.

- ML Learning > Processing files

We see all the files under the Device (in our case the Panorama) but when we select a single file or multiple files. we cannot click/select the "Process Enabled Files" button

We can toggle all or just single files between "Disable Files/Enable Files"

 

Are these still some open issues that will get addressed or is there something else wrong with this install and someone might be able to help here.

Thank you and best regards

Alex

L5 Sessionator

@AlexNC 

 

For Radius Authentication,  could you please check if you have additional information in the /var/log/apache/error.log file?

 

For ML Process Files, you will need to go the firewall device not Panorama, After you added the Panorama as device, you can then click on the right upper corner show all device icon Screen Shot 2021-10-18 at 9.10.10 AM.png, then try to process the logs in the firewall device. 

 

 

L2 Linker

@lychiang 

 

Yes you are correct, of course I had to go to the actual device and not Panorama itself.

 

Regarding the Radius authentication, i got the following error from the log you mentioned:
[Thu Oct 20 17:32:35.870372 2021] [:error] [pid 50121] [client CLIENT-IP:55677] PHP Fatal error: Uncaught Error: Call to undefined functio
n radius_auth_open() in /var/www/html/userManager/API/auth/login.php:134\nStack trace:\n#0 /var/www/html/bin/Auth.php(168): login('username'
, 'password')\n#1 {main}\n thrown in /var/www/html/userManager/API/auth/login.php on line 134, referer: https://expedition.hostname.com/

 

Thank you for your help and best regards

 

L2 Linker

Does that sound like a Bug in expedition or something else wrong with my installation?

 

Cheers

Alex

L5 Sessionator

Hi @AlexNC , this is a bug in Expedition, we are aware of the issue , will provide fix later. 

L2 Linker

Hello @lychiang thank you for getting back to me and letting me know about it.
Looking forward to the fix.

Thank you and best regards

Alex

L2 Linker

@lychiang today I noticed that under Devices it shows for example 3 CSV files ready. When I expand the Device tree to see all devices managed by Panorama in Epxedition, none of the devices show any CSV files. 
When I select the firewall device that has the 3 CSV files I do see them und M. Learning.

Is this a Bug? i can't recall how it was on the old Expedition instance with 16.04

 

Cheers

Alex

L5 Sessionator

This is the same as in Ubuntu 16.04.  No bug reported. You will see all CSV files on Panorama , but when you need to process , you will need to go to the firewall device that owns those traffic logs to be able to see them and process them.. The serial# of the firewall need to match the firewall serial# in the traffic log.   

L0 Member

Hi, Maybe a dumb question but I'm not a Linux expert whatsoever.

 

I did follow the installation guide "https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619?attach...

 

Whenever I finish the execution and installation of the initSetup.sh, I rebooted the VM, however, I'm unable to reach the IP address from the VM. It seems that the Ubuntu server is refusing the sessions. 

 

I did check the networking, it should be reachable, I do have a server running in the same subnet. Also, I've tried installing version 2.0. shown in "https://panos.pan.dev/docs/expedition/expedition_qs/" and it was successful, however, it has a lot of bugs.

 

 

 

 

L5 Sessionator

Hi @josecuevasn  

 

Please note, Expedition version 1.x and 2.x are not supposed to live on the same ubuntu VM.  I would suggest below steps:

1. Follow the installation guide you mentioned in the previous post to install a new ubuntu VM first.

2. After Ubuntu VM is up, please make sure you verify the IP of the ubuntu VM and make sure you can ping the VM from your desktop

3. If you are able to reach the VM, then proceed to the steps on running the expedition 1.x installer. 

 

 

L0 Member

Hi, @lychiang  Thanks for your quick response.

 

I tried to follow the guide again from scratch with a recently installed ubuntu server, it seems that the version available on the installation guide is version 2.0 (expedition1_Installer_v2.0.tgz)

 

I'm able to ping the VM, however, I'm still not able to log in using the web browser

 

The image below shows the finished installation process 

 

josecuevasn_1-1636397364554.png

After that, I did reboot the VM, but web service is still unreachable 

 

josecuevasn_2-1636397463533.png

 

 

L5 Sessionator

Does the VM has multiple nic card.  The link on the installation guide will take you to the right installer . it 's expedition 1.x installer version 2.0.   It seems like your apache server might not be running.   I would suggest you follow the guide to install a new ubuntu server since your recent Ubuntu server might not be a clean install with no expedition on it.  

L0 Member

@josecuevasn  I had a similar issue today. Fresh install of ubuntu/ 20.04/expedition and the web ui would not load. I could ping and ssh to the server but nothing on 80/443. 

 

Finally fixed it by stopping the firewall services  - "systemctl stop firewalld" . Not sure this is the best way to go but it got me in.  

L0 Member

I have the same issue with RADIUS not working.  Is there a good way to find out when this issue is resolved?

L5 Sessionator

Hi @gwarn70 

 

Please try below steps for troubleshooting radius issues : 

 

1) Check if php7.0-radius installed on your VM: 
 
$php -m 
 
2) If it’s not installed , get radius php7.0 installed
 
$sudo apt-get install php7.0-radius
 
3) Remove packages not needed.
 
$sudo apt autoremove
 
4) Check again if php7.0-radius is installed on the VM 
 
$php -m
 
5) Confirm php CLI is 7.0
 
php -version
L0 Member

this worked thank you!! (had to trim the $)

 
1) Check if php7.0-radius installed on your VM: 
php -m 
2) If it’s not installed , get radius php7.0 installed
sudo apt-get install php7.0-radius
3) Remove packages not needed.
sudo apt autoremove
4) Check again if php7.0-radius is installed on the VM 
php -m
5) Confirm php CLI is 7.0
php -version
Register or Sign-in
Contributors
Article Dashboard
Version history
Last update:
‎09-14-2021 02:39 AM
Updated by: