Expedition 2.0 release date: Postponed

Showing results for 
Search instead for 
Did you mean: 
L5 Sessionator
Did you find this article helpful? Yes No
100% helpful (2/2)


Palo Alto Networks,
August 2, 2021


Dear Expedition Users,


During the years, we have evidenced a sustained and increased usage of the Expedition 1.0 tool, earlier known as the Migration Tool. As many of you know, we want to increase the number of functionalities in our tools, to enhance existing functionalities and to improve their quality.


To achieve these improvements, we have decided to join efforts with Professional Services. A dedicated team in Professional Services will take ownership of the code used for configuration translations from third party vendors to PANOS.


This strategy will improve the migrations that we have been offering during the years with the Expedition tool, 

  • increasing the resources in the team dedicated to the translations, 
  • improving the quality assurance with fewer bugs,
  • having a closer the relationship with the Professional Services consultants that consume the translation functionalities on a daily basis, 
  • increasing the number of Use Cases that are supported and
  • decreasing the response time to support new functionalities ,

making the migrations in your projects more pleasant and efficient.


As a consequence, we have taken the decision to postpone the launch of Expedition 2.0 until April 2022, to guarantee the quality of the release and to extend the functionalities that the tool will provide. During this period, Expedition 1.0 will continue to be supported by the Expedition team, and we are working on updating our code and installation process to make it available for Ubuntu Server 20.04.


We would like to remark that Expedition 2.0 will continue being offered free of charge, as well as the translations from third party vendors to PANOS.


The Expedition Team


Rate this article:
L0 Member

Personally I am always in favour of postponed launches (regardless of what it is - new OS patch, new game, new software, you name it) if the aim is to make sure the product is indeed ready. I am sure many people have seen rushed product launches in their professional as well as personal lives where it took months for the devs to actually make the final product stable. I am glad Expedition team is not following this trend.

L0 Member

I've been able to get the script to work on Ubuntu 20.04.  It took a bit of time to update the modules for newer software.  To use the script make sure you have a fresh install of 20.04.  Download the current install file and untar it in a folder.  Rename/delete/move the initSetup.sh file and create a new one with the below code.  Make sure you make the file executable as well!





# Configure variables
declare_variables() {
#user=$(echo "$USER")

bold=$(tput bold)
normal=$(tput sgr0)
#BLACK=$(tput setaf 0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
#YELLOW=$(tput setaf 3)
BLUE=$(tput setaf 4)
#MAGENTA=$(tput setaf 5)
#CYAN=$(tput setaf 6)
#WHITE=$(tput setaf 7)


echo ""
echo "${GREEN}${bold}************************************************************"
echo "$1"
echo "************************************************************${normal}"

if [[ $interactive -eq 1 ]]; then
echo ""
echo "${GREEN}"
echo "$1"
read -p -r "${BLUE}Press enter to continue${normal}"

echo ""
echo "${GREEN}"
echo "$1"
echo "${normal}"

echo "${GREEN}"
echo "$1"
echo "${normal}"

echo "${RED}"
echo "$1"
echo "${normal}"

printTitle "Updating APT"
apt-get update
apt-get install -y software-properties-common
printTitle "Installing Expect"
apt-get install -y expect
printTitle "Installing RSyslog debian repository"
expect -c "
set timeout 60
spawn add-apt-repository ppa:adiscon/v8-stable
expect -re \"Press *\" {
send -- \"\r\"

printTitle "Installing Expedition debian repository"
# wget https://conversionupdates.paloaltonetworks.com/ex-repo.gpg > /etc/apt/trusted.gpg.d/ex-repo.gpg
echo 'deb [trusted=y] https://conversionupdates.paloaltonetworks.com/ expedition-updates/' > /etc/apt/sources.list.d/ex-repo.list

printTitle "Installing RabbitMQ debian repository"
echo 'deb [trusted=y] http://www.rabbitmq.com/debian/ testing main' | tee /etc/apt/sources.list.d/rabbitmq.list
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

printTitle "Installing MariaDB debian repository"
# (more info: https://www.linuxbabe.com/mariadb/install-mariadb-10-1-ubuntu14-04-15-10)
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
#add-apt-repository 'deb [arch=amd64,i386] http://sgp1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu xenial main'

printTitle "Updating keystore files"
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8
gpg --export --armor F1656F24C74CD1D8 | sudo apt-key add
add-apt-repository ppa:deadsnakes/ppa

apt-get update

#sudo vi /etc/ssh/sshd_config

printTitleWait "Changing CLI root password to 'paloalto'"
echo -e "paloalto\npaloalto" | passwd root

printTitleWait "Installing SSHD service"
sudo apt-get install -y openssh-server

printTitle "Enabling ROOT ssh access"
lineToChange=$(grep -n "PermitRootLogin prohibit-password" $filePath | awk -F ':' '{print $1}')
sed -i "${lineToChange}s/.*/ PermitRootLogin yes/" $filePath;
service sshd restart

# Add ZIP and Zlib
printTitle "Installing ZIP libraries"
apt-get install -y zip
apt-get install -y zlib1g-dev

# Rsyslog
printTitleWait "Installing Rsyslog for syslog Firewall traffic logs"
apt-get install -y rsyslog

systemctl disable syslog.service

cp /lib/systemd/system/rsyslog.service /etc/systemd/system/rsyslog.service
# vi /lib/systemd/system/rsyslog.service
# [Service]

# Type=notify

# ExecStart=/usr/sbin/rsyslogd -n

#update-rc.d rsyslog enable
#systemctl enable rsyslog.service

# Install all Apache required modules
printTitleWait "Installing Apache service and dependencies for PHP"
apt-get install -y apache2 \
php7.4 libapache2-mod-php7.4 \
php7.4-bcmath php7.4-mbstring php7.4-gd php7.4-soap php7.4-zip php7.4-xml php7.4-opcache php7.4-curl php7.4-bz2 \
php7.4-ldap \

# Install openssl for https
printTitle "Activating SSL on Apache"
apt-get install -y openssl
# Enable SSL for the Web Server
a2ensite default-ssl; a2enmod ssl; systemctl restart apache2


# Database Server
printTitleWait "Installing the DB server. " # Please, do not enter a password for root. We will automatically update it later to 'paloalto'.Remember: DO NOT ENTER A PASSWORD"
# printTitleWait "Let us emphasize it: DO NOT ENTER A PASSWORD"
expect -c "
set timeout 600
spawn apt-get install -y mariadb-server mariadb-client
expect -re \"New password for the MariaDB *\" {
send \"\r\"

echo 'update mysql.user set plugin="" where User="root"; flush privileges; ' | mysql -uroot

# Install the secure controls for MySQL
# Make sure that NOBODY can access the server without a password. Password changes to "paloalto"
mysql -e "UPDATE mysql.user SET Password = PASSWORD('paloalto') WHERE User = 'root'"
# Kill the anonymous users
#mysql -e "DROP USER ''@'localhost'"
# Because our hostname varies we'll use some Bash magic here.
#mysql -e "DROP USER ''@'$(hostname)'"
# Kill off the demo database
#mysql -e "DROP DATABASE test"
# Make our changes take effect
# Any subsequent tries to run queries this way will get access denied because lack of usr/pwd param

sed -i 's/max_allowed_packet\t= 16M/max_allowed_packet\t= 64M/g' $filePath
sed -i 's/bind-address\t\t=\t\t=' $filePath
sed -i 's/#binlog_format=row/binlog_format=mixed/g' $filePath
service mysql restart

# Create Databases
printTitle "Creating initial Databases"
mysqladmin -uroot -ppaloalto create pandb
mysqladmin -uroot -ppaloalto create pandbRBAC
mysqladmin -uroot -ppaloalto create BestPractices
mysqladmin -uroot -ppaloalto create RealTimeUpdates

printTitleWait "Installing Perl"
apt-get install -y perl
apt-get install -y liblist-moreutils-perl

printTitleWait "Installing Python dependencies for BPA modules"
apt-get install -y python
apt-get install -y python3
apt-get install -y python3-pip
pip install lxml
pip install --upgrade pip
pip install unidecode
pip install pandas
pip install six
pip install sqlalchemy

# RabbitMQ
printTitleWait "Installing Messaging system for background tasks"
apt-get install -y rabbitmq-server
update-rc.d rabbitmq-server defaults
apt-get install -y policycoreutils
/usr/sbin/setsebool httpd_can_network_connect=1

#Add www-data to expedition group
usermod -a -G expedition www-data

# apt-get Repository
printTitleWait "Installing Expedition packages"

printTitle "Updating databases"
cd "$currentwd" || exit
tar -zxvf databases.tgz
mysql -uroot -ppaloalto pandb < databases/pandb.sql
mysql -uroot -ppaloalto pandbRBAC < databases/pandbRBAC.sql
mysql -uroot -ppaloalto BestPractices < databases/BestPractices.sql
mysql -uroot -ppaloalto RealTimeUpdates < databases/RealTimeUpdates.sql

#Get the GPG key:
cd "/etc/apt/trusted.gpg.d/" || exit
# wget https://conversionupdates.paloaltonetworks.com/ex-repo.gpg
# Installing Expedition package
# apt-get install -y --allow-unauthenticated expedition-beta
expect -c "
set timeout 600
spawn apt-get install -y --allow-unauthenticated expedition-beta
expect -re \"Do you want to *\" {
send \"Y\r\"

printTitle "Tunning some Expedition parameters"
sed -i 's/log_bin/skip-log_bin/g' $filePath

sed -i 's/mysqli.reconnect = Off/mysqli.reconnect = On/g' $filePath
# sed -i 's/mysqli.reconnect = Off/mysqli.reconnect = On/g' /etc/php/7.4/apache2/php.ini

sed -i 's/mysqli.reconnect = Off/mysqli.reconnect = On/g' $filePath
# sed -i 's/mysqli.reconnect = Off/mysqli.reconnect = On/g' /etc/php/7.4/cli/php.ini
sudo service apache2 restart

printTitle "Updating Python modules"
expect -c "
set timeout 600
spawn bash /var/www/html/OS/BPA/updateBPA306.sh
expect -re \"Do you want to *\" {
send \"Y\r\"

printTitle "Installing Spark dependencies"
apt-get install -y openjdk-8-jre-headless
apt-get install -y --allow-unauthenticated expeditionml-dependencies-beta

cp /var/www/html/OS/spark/config/log4j.properties /opt/Spark/
rm -f /home/userSpace/environmentParameters.php


printTitle "Installing Firewall service"
apt-get install -y firewalld

printTitle "Firewall rules for Web-browsing"
firewall-cmd --add-port=443/tcp
firewall-cmd --permanent --add-port=443/tcp

printTitle "Firewall rules for Database (skipped)"
#MySQL/MariaDB (optional)
#firewall-cmd --add-port=3306/tcp
#firewall-cmd --permanent --add-port=3306/tcp


printTitle "Firewall rules for ML Web-Interfaces"
firewall-cmd --add-port=4050-4070/tcp
firewall-cmd --permanent --add-port=4050-4070/tcp

firewall-cmd --add-port=5050-5070/tcp
firewall-cmd --permanent --add-port=5050-5070/tcp

exists=$(id -u expedition | wc -l)
if [ "$exists" -eq 1 ]; then
printTitle "Expedition user already exists"
printTitleFailed "expedition user does not exist"
printTitleFailed "Create expedition user via \"sudo adduser --gecos '' expedition\""
printTitleFailed "Execute this installer again afterwards"
exit 1

cp /var/www/html/OS/startup/panReadOrdersStarter /etc/init.d/panReadOrders
chmod 755 /etc/init.d/panReadOrders
chown root:root /etc/init.d/panReadOrders
ln -s /etc/init.d/panReadOrders /etc/rc2.d/S99panReadOrders
ln -s /etc/init.d/panReadOrders /etc/rc3.d/S99panReadOrders
ln -s /etc/init.d/panReadOrders /etc/rc4.d/S99panReadOrders
ln -s /etc/init.d/panReadOrders /etc/rc5.d/S99panReadOrders

systemctl daemon-reload
service panReadOrders start

ubuntuVersion=$(lsb_release -a | grep Release | awk '{print $2}')
if [ "$ubuntuVersion" == "20.04" ]; then
printTitle "Correct Ubuntu Server 20.04 version"
printTitleFailed "This script has been prepared for Ubuntu Server 20.04"
printTitleFailed "Current version: "
echo "$ubuntuVersion"
exit 1

# Check if some packages has already been installed
expeditionAlreadyInstalled=$(apt-get list --installed | grep -c expedition-beta)
if [ "$expeditionAlreadyInstalled" -ne 0 ]; then
printTitleFailed "This script has been prepared to install Expedition from scratch"
printTitleFailed "Expedition package is already present"
exit 1
printTitle "This machine does not have Expedition installed"


# myIP=$(ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '')
myIP=$(hostname -I)
echo "INSERT INTO ml_settings (server) VALUES ('${myIP}') " | mysql -uroot -ppaloalto pandbRBAC

echo "${GREEN} ****************************************************************************************"
echo " * *"
echo " * *"
echo " * This script will download and install required packages to prepare Expedition on *"
echo " * Ubuntu server 16.04. A ${bold}NEW image${normal}${GREEN} is expected for this installer to take effect. *"
echo " * This installer requires ${bold}Internet Connection${normal}${GREEN} *"
echo " * *"
echo " * *"
echo " * We do not take any responsibility and we are not liable for any damage caused *"
echo " * through use of this tool, be it indirect, special, incidental or consequential *"
echo " * damages (including but not limited to damages for loss of business, loss of pro- *"
echo " * fits, interruption or the like). If you have any questions regarding the terms of *"
echo " * use outlined here, please do not hesitate to contact us at *"
echo " * fwmigrate@paloaltonetworks.com *"
echo " * *"
echo " * If you continue with this installation you acknowledge having read the above lines *"
echo " * *"
echo " ****************************************************************************************${normal}"
printTitleWait ""


echo "usage: initSetup [-i] | [-h]"

# Establish run order
main() {

while [[ $# -gt 0 ]]; do
case $key in
-i | --interactive ) interactive=1
-h | --help ) usage
* ) usage
exit 1





printBanner "Updating Debian Repositories"
#apt-get -y install expect
updateRepositories # Update Debian repositories

# Prepare userSpace for Expedition data storage
printTitle "Preparing the /home/userSpace Space for data storage"
mkdir /home/userSpace; chown www-data:www-data -R /home/userSpace
mkdir /data; chown www-data:www-data -R /data

printBanner "Installing System Services"
prepareSystemService # Allow remote root ssh access. Change PermitRootLogin prohibit-password to PermitRootLogin yes

printBanner "Installing LAMP Services"


printBanner "Installing Expedition packages"

printBanner "Starting Task Manager"



main "$@"

L1 Bithead

I recently went to install expedition, so I googled to find the installer guide.   The guide that's posted on the pan.dev site (which looks great by the way) is for version 2.0.   You may want to post something at the top of the installer guide to indicate that the version is not yet ready for release.  

L4 Transporter

Yes, we will update the pan-os website to indicate the delay . thank you!

L2 Linker



What is the planned release date of the Expedition 1.0 for Ubuntu 20.04 LTS?


Thank you and best regards


L4 Transporter

@utahman3431 Hi - is that script for v1 on Ubuntu 20.04 or for v2 beta?  Thanks!

L4 Transporter


L4 Transporter


Register or Sign-in
Article Dashboard
Version history
Last update:
‎08-01-2021 11:58 PM
Updated by: