Expedition Documentation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Audit
Last Reviewed: 07-19-2023 04:53 AM
Audited By: kiwi
L7 Applicator
92% helpful (53/58)

Here are all the Documents related to Expedition use and administrations

 

  1. Installation Guide - Instructions to install Expedition 1 on an Ubuntu 20.04 Server and Transferring Projects between Expeditions
  2. Hardening Expedition – Follow to secure your Instance.
  3. Admin Guide – Describes the Admin section and provides advice on how to configure and properly setup.
  4. User Guide  v1.1 (will be improved)
  5. Log Analysis Feature Guide - (APP-ID Adoption, Rule Enrichment, and Machine Learning features)
Rate this article:
(3)
Comments
L1 Bithead

when we should expect User Guide for Expedition ?

L7 Applicator

we expect to have first release this week.

L0 Member

Problems getting export of set commands with full configuration.  Dashboard reflects no invalid objects and no duplicates but still unable to get the set commands.

L7 Applicator

hi @DSchlosser-GSD Please open a new thread under Discussions please

L0 Member

Is Expedition the successor to the Migration Tool (OVA) listed at the following URL?

 

https://live.paloaltonetworks.com/t5/Migration-Tool-Articles-old/Download-the-Migration-Tool/ta-p/56...

 

I see that the download is just a tarball of VMWare files...

 

What's the difference and can either tool convert ASA config to partial Palo Alto config (or set commands) to deploy to an existing multi-tenent PA device?

L7 Applicator

Yes it is. This version is to run under vmware workstation or with VMPlayer, if you need to convert to ESXi you can use VMware Converter.

L0 Member

Any sign of that User Document yet?

I have customers asking about this.

L0 Member

User Guide???

L0 Member

Is it possible to have this new version in an OVA.

 

Its a bit risky just adding a thirdparty host on our VM farm, OVA's are a more accpetable risk.

 

 

L2 Linker

I'm simply trying to import an xml into a project that my account created and as soon as the % import basically finishes, I get a message that says "you do not have rights in the project" ??  Any assistance would be great!

L0 Member

I m having same issues, when importing checkpoint firewall configuration on R77.30.  I am logged in admin but still receies the message "failed : you do not rights in this project"

L7 Applicator

We are reviewing it, thanks

L7 Applicator

If someone can send us an email to fwmigrate at paloaltonetworks dot com to describe how to reproduce the problem, we are unable to reproduce it sorry. Thanks

L2 Linker

Is the BPA feature in expedition functioning? I tried to import a running config.xml and run but nothing came out. Is there any steps that i missed out?


L7 Applicator

@yctan are you in the latest version 1.0.103?

L2 Linker

Im at 1.0.84. I saw this thread on BPA:

 

https://live.paloaltonetworks.com/t5/Expedition-Discussions/Best-Practices-Analysis-Not-Running/td-p...

 

I have problem updating when running this cli to update.

 

sudo apt-get update
L7 Applicator

After that command just run the next one (ignore any error)

 

sudo apt-get install expedition-beta
L7 Applicator

@yctan and you have to run after everything this command as well:

 

sudo bash /var/www/html/OS/BPA/updateBPA306.sh
L2 Linker

Its working now. Thanks!

Updates have passed in Ubuntuland, and Expedition(-beta) did not survive.

 

- The conversionupdates repository was removed from sources.list

- After re-enabling it again:

 

expedition@Expedition:~$ sudo apt-get install expedition-beta
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
bc libexporter-tiny-perl liblist-moreutils-perl libsodium23 php-common php-radius php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-phpdbg php7.2-readline
Suggested packages:
php-pear
The following NEW packages will be installed:
bc expedition-beta libexporter-tiny-perl liblist-moreutils-perl libsodium23 php-common php-radius php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-phpdbg php7.2-readline
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,289 kB/46.0 MB of archives.
After this operation, 18.3 MB of additional disk space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
expedition-beta
Install these packages without verification? [y/N] y
Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 bc amd64 1.07.1-2 [86.2 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libexporter-tiny-perl all 1.000000-2 [34.6 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 liblist-moreutils-perl amd64 0.416-1build3 [55.5 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 php-common all 1:60ubuntu1 [12.1 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-common amd64 7.2.7-0ubuntu0.18.04.2 [879 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-json amd64 7.2.7-0ubuntu0.18.04.2 [18.8 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-opcache amd64 7.2.7-0ubuntu0.18.04.2 [164 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-readline amd64 7.2.7-0ubuntu0.18.04.2 [12.1 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libsodium23 amd64 1.0.16-2 [143 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 php7.2-cli amd64 7.2.7-0ubuntu0.18.04.2 [1,406 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 php7.2-phpdbg amd64 7.2.7-0ubuntu0.18.04.2 [1,445 kB]
Get:12 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 php-radius amd64 1.4.0~b1-6build2 [31.8 kB]
Fetched 4,289 kB in 6s (728 kB/s)
Selecting previously unselected package bc.
(Reading database ... 85832 files and directories currently installed.)
Preparing to unpack .../00-bc_1.07.1-2_amd64.deb ...
Unpacking bc (1.07.1-2) ...
Selecting previously unselected package libexporter-tiny-perl.
Preparing to unpack .../01-libexporter-tiny-perl_1.000000-2_all.deb ...
Unpacking libexporter-tiny-perl (1.000000-2) ...
Selecting previously unselected package liblist-moreutils-perl.
Preparing to unpack .../02-liblist-moreutils-perl_0.416-1build3_amd64.deb ...
Unpacking liblist-moreutils-perl (0.416-1build3) ...
Selecting previously unselected package php-common.
Preparing to unpack .../03-php-common_1%3a60ubuntu1_all.deb ...
Unpacking php-common (1:60ubuntu1) ...
Selecting previously unselected package php7.2-common.
Preparing to unpack .../04-php7.2-common_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-common (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-json.
Preparing to unpack .../05-php7.2-json_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-json (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-opcache.
Preparing to unpack .../06-php7.2-opcache_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-opcache (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-readline.
Preparing to unpack .../07-php7.2-readline_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-readline (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package libsodium23:amd64.
Preparing to unpack .../08-libsodium23_1.0.16-2_amd64.deb ...
Unpacking libsodium23:amd64 (1.0.16-2) ...
Selecting previously unselected package php7.2-cli.
Preparing to unpack .../09-php7.2-cli_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-cli (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php7.2-phpdbg.
Preparing to unpack .../10-php7.2-phpdbg_7.2.7-0ubuntu0.18.04.2_amd64.deb ...
Unpacking php7.2-phpdbg (7.2.7-0ubuntu0.18.04.2) ...
Selecting previously unselected package php-radius.
Preparing to unpack .../11-php-radius_1.4.0~b1-6build2_amd64.deb ...
Unpacking php-radius (1.4.0~b1-6build2) ...
Selecting previously unselected package expedition-beta.
Preparing to unpack .../12-expedition-beta_1.0.103_amd64.deb ...
Unpacking expedition-beta (1.0.103) ...
Processing triggers for install-info (6.5.0.dfsg.1-2) ...
Setting up libexporter-tiny-perl (1.000000-2) ...
Setting up libsodium23:amd64 (1.0.16-2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up php-common (1:60ubuntu1) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up bc (1.07.1-2) ...
Setting up liblist-moreutils-perl (0.416-1build3) ...
Setting up php7.2-common (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-readline (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-json (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-opcache (7.2.7-0ubuntu0.18.04.2) ...
Setting up php7.2-cli (7.2.7-0ubuntu0.18.04.2) ...
update-alternatives: using /usr/bin/php7.2 to provide /usr/bin/php (php) in auto mode
update-alternatives: using /usr/bin/phar7.2 to provide /usr/bin/phar (phar) in auto mode
update-alternatives: using /usr/bin/phar.phar7.2 to provide /usr/bin/phar.phar (phar.phar) in auto mode
Setting up php7.2-phpdbg (7.2.7-0ubuntu0.18.04.2) ...
update-alternatives: using /usr/bin/phpdbg7.2 to provide /usr/bin/phpdbg (phpdbg) in auto mode
Setting up php-radius (1.4.0~b1-6build2) ...
Setting up expedition-beta (1.0.103) ...
PHP Fatal error: Uncaught Error: Class 'mysqli' not found in /var/www/html/libs/database.php:22
Stack trace:
#0 /var/www/html/bin/updates/updateSQL.php(14): require_once()
#1 {main}
thrown in /var/www/html/libs/database.php on line 22
its recommended to run after install: apt-get -y -f install
its recommended to run after install: sudo apt-get autoremove
PHP Fatal error: Uncaught Error: Call to undefined function PaloAltoNetworks\expedition\sns\curl_init() in /var/www/html/libs/sns/sns.php:126
Stack trace:
#0 /var/www/html/libs/sns/sns.php(155): PaloAltoNetworks\expedition\sns\sns->send_message('{"type": "stats...')
#1 /var/www/html/libs/sns/sns.php(92): PaloAltoNetworks\expedition\sns\sns->send_stats('Update Installe...')
#2 /var/www/html/libs/sns/sns.php(38): PaloAltoNetworks\expedition\sns\sns->update('4be79b3c-a61d-4...')
#3 /var/www/html/libs/utils.php(17): PaloAltoNetworks\expedition\sns\sns->__construct(Array)
#4 /var/www/html/OS/update/snsUpdate.php(11): sns_init(Array)
#5 {main}
thrown in /var/www/html/libs/sns/sns.php on line 126
Checking for old projects and Devices what are not Encrypted
PHP Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#1 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(64): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#2 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(43): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=loca...', 'root', 'paloalto', Array)
#3 /var/www/html/libs/vendor/illuminate/database/Connectors/MySqlConnector.php(24): Illuminate\Database\Connectors\Connector->createConnection('mysql:host=loca...', Array, Array)
#4 /var/www/html/libs/vendor/illuminate/database/Connectors/ConnectionFactory.php(183): Illuminate\Database\Connectors\MySqlConnector->connect(Array)
#5 [internal function]: I in /var/www/html/libs/vendor/illuminate/database/Connection.php on line 664

Fatal error: Uncaught PDOException: could not find driver in /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:43
Stack trace:
#0 /var/www/html/libs/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(43): PDO->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#1 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(64): Doctrine\DBAL\Driver\PDOConnection->__construct('mysql:host=loca...', 'root', 'paloalto', Array)
#2 /var/www/html/libs/vendor/illuminate/database/Connectors/Connector.php(43): Illuminate\Database\Connectors\Connector->createPdoConnection('mysql:host=loca...', 'root', 'paloalto', Array)
#3 /var/www/html/libs/vendor/illuminate/database/Connectors/MySqlConnector.php(24): Illuminate\Database\Connectors\Connector->createConnection('mysql:host=loca...', Array, Array)
#4 /var/www/html/libs/vendor/illuminate/database/Connectors/ConnectionFactory.php(183): Illuminate\Database\Connectors\MySqlConnector->connect(Array)
#5 [internal function]: I in /var/www/html/libs/vendor/illuminate/database/Connection.php on line 664
Warning: ALREADY_ENABLED: 5140-5150:tcp
Warning: ALREADY_ENABLED: 4050-4070:tcp

L2 Linker

Hi, i followed the steps given above with my new environment but the BPA is not functioning. Is there any changes?

 

Thanks

L1 Bithead

Hi All,

 

How to create log connector in Plugins or is there any user guide document on this steps?

Thanks.

 

Ramzee

L1 Bithead

Hey community,

 

when we should expect the documentation "Using Machine Learning to create Policies from logs" ?

We have implemented expedition in the latest version.

Add new Project and load  firewall config's and Logg's works fine so far.

But if the firewall export files are loaded from 24 hours with more than 4 GB size, the tool will stop working. How do you best deal with the shortage of data? Is it possible to send the data directly via syslogg to expedition?

How is this set up?

 

Thanks

 

MatzePeng

L7 Applicator

The documentation is ready and now is under review so expect it this week!

L1 Bithead

Hey alestevez,

Thank you for your prompt reply. That sounds good.

Best regards

Matthias

L1 Bithead
  1. Using Machine Learning to create Policies from logs (Coming soon)  How much longer for this guide? 🙂 
L7 Applicator

Available !!

L1 Bithead

SWEET!!


L1 Bithead

Hi All,

 

Is it possible if i manually upload the traffic log into Expedition, instead of the Expedition pull the log by itself thru the network?

The reason being is i didnt install the Expedition in client's environment, install in my laptop instead.

 

I need the traffic log into Expedition in order Expedition to advise me for rules optimization (recommended App-ID, recommended rules not in use, recommended merge rules, etc etc)

 

Thanks,

Ramzee

L1 Bithead

Hi Ramzee,

 

If I understood your question correctly, the answer is yes.

 

You can export the logs and the configuration from firewall to file and manually load them into expedition for analysis.

We load the files via SCP (SSH) in data folder to expedition. After that, the files are available in expedition.

The only problem we had where files that were too big ( export 24h traffic log with more than 4 GB Data fom 3000 Series Palo an more than 1 Mio lines per *.csv file). There seems to be a problem in expedition. Maybe our system need more perfomance.  Don't know at the moment.

Would make sense to test it with short files at the beginning.

 

I think all the information you need can be found in the documentation above.

 

Best

MatzePeng

 

L7 Applicator

@Ramzee Yes and No, you need to first create the device and retrive the Configuration by using the APIs, that means you need to be in the customer's network to do that. Then you can manually import via SCP the log files and place into Expedition, from the DEvice configured you can tell where you placed them for analisys, Please follow the Documentation https://paloaltonetworks.box.com/s/2h1xd16i5nlwkv9pmpega0m416rnps0q and follow the Rule Enrichment Process to do the App-ID Adoption

L1 Bithead

Hi MatzePeng,

 

Understood on the approach.

Another question, I have export traffic log in .csv but it only containt log for a day. From the firewall Monitor tab, at least i can see up until June 2018. Please advise how can i export all traffic logs.

 

Thanks.

L1 Bithead

Hi alestevez,

 

As for now the Expedition is not install in client's environment. I'm trying looking to run the Expedition out from client's environment (my laptop didnt connect to client's environment).

 

Thanks for your advise.

L1 Bithead

Hi Ramzee,

 

logs can be exported using filters.

 

Palo Alto knowledgebase

 

_https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clj3CAC

 

Best

 

 

 

L1 Bithead

Hi MatzePeng,

 

The same exact steps that i did before, the result from .csv only showing today and only for 2 hours of traffic log. Instead i can see from the firewall Monitor Traffic log, i can see at least starting from June 2018.

L1 Bithead

Hey,

 

strange. Have you checked the date, time and time zone on the firewall and expedition?

 

To rule out a malfunction in the GUI, would I test it all over the CLI. Is there the problem too?

 

Have you also checked the maximum number of lines in the CSV file? How many lines does your file have?

Please check the configuration as described in the link.

 

_https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaPCAS

 

Best

MatzePeng

 

L1 Bithead

Hi MatzePeng ,

 

You are right, that is the restriction. Currently the default Max Rows in CSV is 65535. I would need to increase it if require more logs. Max value can be increase is 1048576.

 

Thanks a lot mate for the assistant!

L4 Transporter

@alestevezWhat firewalls are supported by Expedition now? I don't see this documented anywhere.

 

L1 Bithead

Hi, bspilde

 

You  can refer this document, it memtions about Cisco, Fortinet, Check Point, Forcepoint, Juniper and IBM XGS.

 

https://www.paloaltonetworks.com/resources/datasheets/expedition-transformation-and-best-practices-a...

 

Homer

L4 Transporter
L0 Member

Hello, I am looking at migrating some McAfee (Stonesoft) firewalls (version 6.3.8) to a new Palo Alto estate and wondered if Expedition will be able to process the configurations.  I appreciate that McAfee/Stonesoft isn't supported natively, but wondered if the Forcepoint modules in Expedition extend to the newer versions of McAfee code following the aquisition by Forcepoint.  Appreciate the answer is probably 'No', but thought I would check.  Thanks

L7 Applicator

@nburrows It should work, probably they didnt change the config. If you can please verify it. Thanks

L1 Bithead

I'm finding nothing in these docs about how to access the GUI after you've downloaded and run the virtual machine.  I can't browse to localhost, and although I can log into the CLI through the console, I am not seeing which IP/port combination I need to insert into the browser to reach the GUI.

 

What am I missing?

L0 Member

by SteveSirag
on ‎02-20-2019 11:54 AM

I'm finding nothing in these docs about how to access the GUI after you've downloaded and run the virtual machine.  I can't browse to localhost, and although I can log into the CLI through the console, I am not seeing which IP/port combination I need to insert into the browser to reach the GUI.

 

What am I missing?


 

Hi Steve, 

 

you can check what's the assigned IP address via ifconfig in the CLI, then just https://ip.address in the web browser.

L1 Bithead

Hai,

 I am fallowing the Admin guide to use expedition tool. I am able to do everything but i dont see  "PLUGINS" option on my tool.

Should we enable something here??

Vendor count under project not increasing even after adding two PAN firewalls in it.

 

L0 Member

Hi team,

Does any body tell me what is expedition installer and the difference between installing expedition from it and other legacy expedition installition through ova.

 

L0 Member

HI All,

I am converting from Fortigate FW to Palo Alto FW using with Expedition tools. But, I am not able to convert it.

I perform for backup at Fortigate FW as per below command.

  • config system console
  •   set output standard
  • End
  • show full-configuration

Please kindly advice it what kind of backup file need to backup at fortigate FW and import at Expedition migration tools.

 

Very much appreciate. thanks.

L0 Member

Can I use expedition with watchguard firewall?

L1 Bithead

Sooo, what is the operational status of the LDAP/RADIUS Auth modules?

I set up one of each, and ran TCPDUMP on the server, it never tried hitting the network.

 

Nick

L3 Networker

Greetings, I just wanted to add that we used the following process as mentioned in several individual posts above.
Downloaded the script, unpacked the files as stated in the Expedition_Installer_July_2019 PDF

https://live.paloaltonetworks.com/t5/expedition-articles/new-expedition-installation-procedure/ta-p/...
https://conversionupdates.paloaltonetworks.com/expeditionInstaller.tgz


Upon completing this process we attempted to access the URL and ran into an Apache error as described in another post, then we used the following commands (after creating a security policy on the firewall to allow the traffic)
 
sudo apt-get update
sudo apt-get install expedition-beta
sudo bash /var/www/html/OS/BPA/updateBPA306.sh

after the updates we were able to get to the URL and login, now I just want to have our server/azure admin take a snapshot before I got about hardening the system in case I hose things up.

Thanks to everyone who shared their issues and going through the trials and tribulations so that we could succeed.  LOL.

  • 549843 Views
  • 67 comments
  • 27 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎05-16-2024 04:12 AM
Updated by: