on 05-28-2018 06:28 AM - edited on 05-16-2024 04:12 AM by dpuigdomenec
Here are all the documents related to Expedition use and administration.
Problems getting export of set commands with full configuration. Dashboard reflects no invalid objects and no duplicates but still unable to get the set commands.
Is Expedition the successor to the Migration Tool (OVA) listed at the following URL?
I see that the download is just a tarball of VMware files...
What's the difference and can either tool convert ASA config to partial Palo Alto config (or set commands) to deploy to an existing multi-tenant PA device?
I'm simply trying to import an xml into a project that my account created and as soon as the % import basically finishes, I get a message that says "you do not have rights in the project" ?? Any assistance would be great!
I'm having the same issue when importing a Check Point firewall configuration on R77.30. I am logged in as admin but still receive the message "failed : you do not rights in this project"
I'm at 1.0.84. I saw this thread on BPA:
I have a problem updating when running this CLI command to update.
sudo apt-get update
Updates have passed in Ubuntuland, and Expedition(-beta) did not survive.
- The conversionupdates repository was removed from sources.list
- After re-enabling it again:
expedition@Expedition:~$ sudo apt-get install expedition-beta
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
bc libexporter-tiny-perl liblist-moreutils-perl libsodium23 php-common php-radius php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-phpdbg php7.2-readline
Suggested packages:
php-pear
The following NEW packages will be installed:
bc expedition-beta libexporter-tiny-perl liblist-moreutils-perl libsodium23 php-common php-radius php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-phpdbg php7.2-readline
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,289 kB/46.0 MB of archives.
After this operation, 18.3 MB of additional disk space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
expedition-beta
Install these packages without verification? [y/N] y
Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 bc amd64 1.07.1-2 [86.2 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libexporter-tiny-perl all 1.000000-2 [34.6 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 liblist-moreutils-perl amd64 0.416-1build3 [55.5 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 php-common all 1:60ubuntu1 [12.1 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-common amd64 7.2.7-0ubuntu0.18.04.2 [879 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-json amd64 7.2.7-0ubuntu0.18.04.2 [18.8 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-opcache amd64 7.2.7-0ubuntu0.18.04.2 [164 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-readline amd64 7.2.7-0ubuntu0.18.04.2 [12.1 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libsodium23 amd64 1.0.16-2 [143 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-cli amd64 7.2.7-0ubuntu0.18.04.2 [1,406 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 php7.2-phpdbg amd64 7.2.7-0ubuntu0.18.04.2 [1,445 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 php-radius amd64 1.4.0~b1-6build2 [31.8 kB]
Fetched 4,289 kB in 6s (728 kB/s)
Selecting previously unselected package bc.
(Reading database ... 85832 files and directories currently installed.)
Preparing to unpack .../00-bc_1.07.1-2_amd64.deb ...
Unpacking bc (1.07.1-2) ...
Selecting previously unselected package libexporter-tiny-perl.
Preparing to unpack .../01-libexporter-tiny-perl_1.000000-2_all.deb ...
Unpacking libexporter-tiny-perl (1.000000-2) ...
Selecting previously unselected package liblist-moreutils-perl.
Preparing to unpack .../02-liblist-moreutils-perl_0.416-1build3_amd64.deb ...
Unpacking liblist-moreutils-perl (0.416-1build3) ...
Selecting previously unselected package php-common.
Preparing to unpack .../03-php-common_1%3a60ubuntu1_all.deb ...
Unpacking php-common (1:60ubuntu1) ...
Selecting previously unselected package php7.2-common.
Preparing to unpack .../04-php7.2-common_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-common (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-json.
Preparing to unpack .../05-php7.2-json_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-json (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-opcache.
Preparing to unpack .../06-php7.2-opcache_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-opcache (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-readline.
Preparing to unpack .../07-php7.2-readline_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-readline (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package libsodium23:amd64.
Preparing to unpack .../08-libsodium23_1.0.16-2_amd64.deb ...
Unpacking libsodium23:amd64 (1.0.16-2) ...
Selecting previously unselected package php7.2-cli.
Preparing to unpack .../09-php7.2-cli_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-cli (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-phpdbg.
Preparing to unpack .../10-php7.2-phpdbg_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-phpdbg (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php-radius.
Preparing to unpack .../11-php-radius_1.4.0~b1-6build2_amd64.deb ...
Unpacking php-radius (1.4.0~b1-6build2) ...
Selecting previously unselected package expedition-beta.
Preparing to unpack .../12-expedition-beta_1.0.103_amd64.deb ...
Unpacking expedition-beta (1.0.103) ...
Processing triggers for install-info (6.5.0.dfsg.1-2) ...
Setting up libexporter-tiny-perl (1.000000-2) ...
Setting up libsodium23:amd64 (1.0.16-2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up php-common (1:60ubuntu1) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up bc (1.07.1-2) ...
Setting up liblist-moreutils-perl (0.416-1build3) ...
Setting up php7.2-common (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-readline (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-json (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-opcache (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-cli (7.2.7-0ubuntu0.18.04.2) ...
update-alternatives: using /usr/bin/php7.2 to provide /usr/bin/php (php) in auto mode
update-alternatives: using /usr/bin/phar7.2 to provide /usr/bin/phar (phar) in auto mode
update-alternatives: using /usr/bin/phar.phar7.2 to provide /usr/bin/phar.phar (phar.phar) in auto mode
Setting up php7.2-phpdbg (7.2.7-0ubuntu0.18.04.2) ...
update-alternatives: using /usr/bin/phpdbg7.2 to provide /usr/bin/phpdbg (phpdbg) in auto mode
Setting up php-radius (1.4.0~b1-6build2) ...
Setting up expedition-beta (1.0.103) ...
PHP Fatal error: Uncaught Error: Class 'mysqli' not found in /var/www/html/libs/database.php:22
Stack trace:
#0 /var/www/html/bin/updates/updateSQL.php(14): require_once()
#1 {main}
thrown in /var/www/html/libs/database.php on line 22
its recommended to run after install: apt-get -y -f install
its recommended to run after install: sudo apt-get autoremove
PHP Fatal error: Uncaught Error: Call to undefined function PaloAltoNetworks\expedition\sns\curl_init() in /var/www/html/libs/sns/sns.php:126
Stack trace:
#0 /var/www/html/libs/sns/sns.php(155): PaloAltoNetworks\expedition\sns\sns->send_message('{"type": "stats...')
#1 /var/www/html/libs/sns/sns.php(92): PaloAltoNetworks\expedition\sns\sns->send_stats('Update Installe...')
#2 /var/www/html/libs/sns/sns.php(38): PaloAltoNetworks\expedition\sns\sns->update('4be79b3c-a61d-4...')
#3 /var/www/html/libs/utils.php(17): PaloAltoNetworks\expedition\sns\sns->__construct(Array)
#4 /var/www/html/OS/update/snsUpdate.php(11): sns_init(Array)
#5 {main}
thrown in /var/www/html/libs/sns/sns.php on line 126
Checking for old projects and Devices what are not Encrypted
PHP Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#1 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(64): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#2 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(43): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=loca...', 'root', 'paloalto', Array)
#3 /var/www/html/libs/vendor/illuminate/database/Connectors/MySqlConnector.php(24): Illuminate\Database\Connectors\Connector->createConnection('mysql:host=loca...', Array, Array)
#4 /var/www/html/libs/vendor/illuminate/database/Connectors/ConnectionFactory.php(183): Illuminate\Database\Connectors\MySqlConnector->connect(Array)
#5 [internal function]: I in /var/www/html/libs/vendor/illuminate/database/Connection.php on line 664
Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#1 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(64): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#2 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(43): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=loca...', 'root', 'paloalto', Array)
#3 /var/www/html/libs/vendor/illuminate/database/Connectors/MySqlConnector.php(24): Illuminate\Database\Connectors\Connector->createConnection('mysql:host=loca...', Array, Array)
#4 /var/www/html/libs/vendor/illuminate/database/Connectors/ConnectionFactory.php(183): Illuminate\Database\Connectors\MySqlConnector->connect(Array)
#5 [internal function]: I in /var/www/html/libs/vendor/illuminate/database/Connection.php on line 664
Warning: ALREADY_ENABLED: 5140-5150:tcp
Warning: ALREADY_ENABLED: 4050-4070:tcp
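A triage of the transcript above, as an added example that is not part of the original post or of Expedition: it pulls out the packages apt could not authenticate, whether the unverified install was accepted at the prompt, and which PHP extensions the fatal errors show are not loaded. The function name `triage` and the result keys are assumptions made for this sketch; the input lines are excerpted from the transcript.

```python
import re

# Lines excerpted from the transcript in the post above.
TRANSCRIPT = r"""WARNING: The following packages cannot be authenticated!
expedition-beta
Install these packages without verification? [y/N] y
Setting up expedition-beta (1.0.103) ...
PHP Fatal error: Uncaught Error: Class 'mysqli' not found in /var/www/html/libs/database.php:22
PHP Fatal error: Uncaught Error: Call to undefined function PaloAltoNetworks\expedition\sns\curl_init() in /var/www/html/libs/sns/sns.php:126
PHP Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
"""

PKG = re.compile(r"[a-z0-9][a-z0-9+.:-]+")  # Debian package name, optional :arch
PROMPT = re.compile(r"Install these packages without verification\? \[y/N\]\s*(\S*)")
# Fatal-error signature -> PHP extension that is not loaded when it appears.
MISSING_EXT = [
    (re.compile(r"Class 'mysqli' not found"), "mysqli"),
    (re.compile(r"undefined function \S*curl_init\(\)"), "curl"),
    # The DSN in the page's trace starts with "mysql:", hence pdo_mysql.
    (re.compile(r"PDOException: could not find driver"), "pdo_mysql"),
]

def triage(transcript):
    """Summarise trust and dependency problems found in an apt-get transcript."""
    lines = transcript.splitlines()
    unauth, accepted, missing = [], False, []
    for i, line in enumerate(lines):
        if line.startswith("WARNING: The following packages cannot be authenticated"):
            for nxt in lines[i + 1:]:
                toks = nxt.split()
                if not toks or not all(PKG.fullmatch(t) for t in toks):
                    break  # end of the package list
                unauth.extend(toks)
        m = PROMPT.search(line)
        if m:
            accepted = m.group(1).lower() in ("y", "yes")
        for pattern, ext in MISSING_EXT:
            if pattern.search(line) and ext not in missing:
                missing.append(ext)
    return {"unauthenticated": unauth, "accepted_unverified": accepted,
            "missing_php_extensions": missing}

if __name__ == "__main__":
    print(triage(TRANSCRIPT))
```

A non-empty `unauthenticated` list with `accepted_unverified` set means the package was installed without a signature check, so the repository's signing key and sources.list entry are the first things to review.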
Hey community,
When should we expect the documentation "Using Machine Learning to create Policies from logs"?
We have implemented Expedition in the latest version.
Adding a new project and loading firewall configs and logs works fine so far.
But if the firewall export files are loaded from 24 hours with more than 4 GB size, the tool will stop working. How do you best deal with the shortage of data? Is it possible to send the data directly via syslog to Expedition?
How is this set up?
Thanks
MatzePeng
Hi All,
Is it possible for me to manually upload the traffic log into Expedition, instead of Expedition pulling the log by itself through the network?
The reason is that I didn't install Expedition in the client's environment; I installed it on my laptop instead.
I need the traffic log in Expedition in order for Expedition to advise me on rule optimization (recommended App-ID, recommended rules not in use, recommended merge rules, etc.)
Thanks,
Ramzee
Hi Ramzee,
If I understood your question correctly, the answer is yes.
You can export the logs and the configuration from the firewall to a file and manually load them into Expedition for analysis.
We load the files via SCP (SSH) into the data folder on Expedition. After that, the files are available in Expedition.
The only problem we had was files that were too big (export of a 24h traffic log with more than 4 GB of data from a 3000 Series Palo and more than 1 million lines per *.csv file). There seems to be a problem in Expedition. Maybe our system needs more performance. Don't know at the moment.
Would make sense to test it with short files at the beginning.
I think all the information you need can be found in the documentation above.
Best
MatzePeng
@Ramzee Yes and no. You first need to create the device and retrieve the configuration by using the APIs, which means you need to be in the customer's network to do that. Then you can manually import the log files via SCP and place them into Expedition; from the device configured you can tell where you placed them for analysis. Please follow the documentation https://paloaltonetworks.box.com/s/2h1xd16i5nlwkv9pmpega0m416rnps0q and follow the Rule Enrichment Process to do the App-ID Adoption.
Hi MatzePeng,
Understood on the approach.
Another question: I have exported the traffic log to .csv, but it only contains logs for a day. From the firewall Monitor tab, I can see logs going back at least to June 2018. Please advise how I can export all traffic logs.
Thanks.
Hi alestevez,
As of now, Expedition is not installed in the client's environment. I'm looking to run Expedition outside the client's environment (my laptop didn't connect to the client's environment).
Thanks for your advice.
Hi MatzePeng,
I followed the exact same steps as before; the resulting .csv only shows today, and only 2 hours of traffic log. Yet in the firewall Monitor Traffic log I can see entries going back at least to June 2018.
Hey,
strange. Have you checked the date, time and time zone on the firewall and expedition?
To rule out a malfunction in the GUI, I would test it all over the CLI. Is the problem there too?
Have you also checked the maximum number of lines in the CSV file? How many lines does your file have?
Please check the configuration as described in the link.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaPCAS
Best
MatzePeng
Hi MatzePeng ,
You are right, that is the restriction. Currently the default Max Rows in CSV is 65535. I would need to increase it if I require more logs. The maximum value it can be increased to is 1048576.
Thanks a lot mate for the assistance!
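A check for the symptom discussed in this exchange, as an added example that is not part of the thread: it counts the rows in an exported traffic-log CSV, measures the time span they cover, flags an export that reached the Max Rows cap, and estimates how many rows a wanted window needs against the 1048576 maximum. The column name `Receive Time`, the timestamp format and the function names are assumptions; the sample rows are constructed.

```python
import csv
import io
import math
from datetime import datetime, timedelta

DEFAULT_MAX_ROWS = 65535   # default "Max Rows in CSV" quoted in the thread
HARD_MAX_ROWS = 1048576    # largest value the setting accepts, per the thread
TIME_COL = "Receive Time"          # assumed column name
TIME_FMT = "%Y/%m/%d %H:%M:%S"     # assumed timestamp format

def check_export(fileobj, max_rows=DEFAULT_MAX_ROWS):
    """Count rows and measure the time span an exported log CSV covers."""
    rows, first, last = 0, None, None
    for rec in csv.DictReader(fileobj):
        ts = datetime.strptime(rec[TIME_COL], TIME_FMT)
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        rows += 1
    span_hours = (last - first).total_seconds() / 3600 if rows else 0.0
    # Reaching the cap suggests the export stopped early, not that the log ended.
    return {"rows": rows, "first": first, "last": last,
            "span_hours": span_hours, "hit_row_cap": rows >= max_rows}

def rows_needed(report, wanted_hours):
    """Estimate rows for wanted_hours at the observed rate; None if unknown."""
    if report["span_hours"] <= 0:
        return None
    needed = math.ceil(report["rows"] / report["span_hours"] * wanted_hours)
    return {"rows": needed, "fits_hard_max": needed <= HARD_MAX_ROWS}

def sample_csv(n, start=datetime(2018, 9, 1, 8, 0, 0)):
    """Constructed sample: n rows, one log entry per minute."""
    buf = io.StringIO()
    out = csv.writer(buf)
    out.writerow([TIME_COL, "Source address", "Destination address", "Application"])
    for i in range(n):
        stamp = (start + timedelta(minutes=i)).strftime(TIME_FMT)
        out.writerow([stamp, "10.0.0.5", "192.0.2.10", "web-browsing"])
    buf.seek(0)
    return buf

if __name__ == "__main__":
    report = check_export(sample_csv(120), max_rows=120)  # small cap for the demo
    print(report, rows_needed(report, 24))
```

When `fits_hard_max` is false, raising the setting alone will not cover the wanted window and the export has to be split into several smaller time ranges.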
Hi, bspilde
You can refer to this document; it mentions Cisco, Fortinet, Check Point, Forcepoint, Juniper and IBM XGS.
Homer
Found an article on how to migrate SonicWall by using CSV.
Hello, I am looking at migrating some McAfee (Stonesoft) firewalls (version 6.3.8) to a new Palo Alto estate and wondered if Expedition will be able to process the configurations. I appreciate that McAfee/Stonesoft isn't supported natively, but wondered if the Forcepoint modules in Expedition extend to the newer versions of McAfee code following the acquisition by Forcepoint. Appreciate the answer is probably 'No', but thought I would check. Thanks
I'm finding nothing in these docs about how to access the GUI after you've downloaded and run the virtual machine. I can't browse to localhost, and although I can log into the CLI through the console, I am not seeing which IP/port combination I need to insert into the browser to reach the GUI.
What am I missing?
Hi Steve,
You can check the assigned IP address via ifconfig in the CLI, then just browse to https://ip.address in the web browser.
Hi,
I am following the Admin guide to use the Expedition tool. I am able to do everything, but I don't see the "PLUGINS" option in my tool.
Should we enable something here?
Vendor count under project not increasing even after adding two PAN firewalls in it.
Hi All,
I am converting from a Fortigate FW to a Palo Alto FW using the Expedition tool, but I am not able to convert it.
I performed the backup on the Fortigate FW with the command below.
Please kindly advise what kind of backup file needs to be taken on the Fortigate FW and imported into the Expedition migration tool.
Very much appreciated. Thanks.
Greetings, I just wanted to add that we used the following process as mentioned in several individual posts above.
Downloaded the script, unpacked the files as stated in the Expedition_Installer_July_2019 PDF
https://live.paloaltonetworks.com/t5/expedition-articles/new-expedition-installation-procedure/ta-p/...
https://conversionupdates.paloaltonetworks.com/expeditionInstaller.tgz
Upon completing this process we attempted to access the URL and ran into an Apache error as described in another post, then we used the following commands (after creating a security policy on the firewall to allow the traffic)
sudo apt-get update
sudo apt-get install expedition-beta
sudo bash /var/www/html/OS/BPA/updateBPA306.sh
After the updates we were able to get to the URL and log in. Now I just want to have our server/Azure admin take a snapshot before I go about hardening the system in case I hose things up.
Thanks to everyone who shared their issues and going through the trials and tribulations so that we could succeed. LOL.