Dear Valued Customer and Partner,
We are excited to share some great news with you, as a valued user of Expedition functionalities. We are currently in the process of transferring the core functionalities of the tool into new products. This strategic move aligns with our commitment to meet the evolving needs of our customers and enhance our range of product offerings. Starting from January 2025, Palo Alto Networks will no longer support the Expedition tool, including all versions of both Expedition1 and Expedition2 branches. We believe this transition will bring even more value and improved capabilities to our users.
To assist you in transitioning smoothly, we recommend exploring the following alternatives:
We understand this transition's impact on your operations and are committed to supporting you every step of the way. Should you have any questions or need further assistance, please do not hesitate to reach out via the Expedition community forum or by contacting our team directly through the previously mentioned email.
We appreciate your understanding and continued support as we strive to serve your needs better with our advanced product solutions.
Warm regards:
Palo Alto Networks
Yes, absolutely you can continue using Expedition, as both the tool and the repositories will remain accessible for your usage.
While you can technically continue using Expedition after its End of Life (EOL) date, there are several factors to consider:
Lack of Support and Limited Functionality:
Community Support:
Alternatives to Consider:
Given the limitations of using Expedition after EOL, you may want to consider alternative solutions for your migration projects. Professional Services including Migration Factory team: Palo Alto Networks offers professional services to assist with configuration migration. This can be a good option if you need expert help with the migration process.
Ultimately, the decision of whether or not to continue using Expedition after EOL is up to you. However, it is important to weigh the risks and limitations before making a decision. If you require ongoing support, access to new features, and compatibility with future versions of PAN-OS, you may want to consider using an alternative solution.
As stated in the Agreement disclaimer 5. Use Restrictions and Prohibitions:
Except as expressly specified in this Agreement, You may not, nor allow any third party, directly or indirectly to: Copy (except in the course of loading or installing), modify or create derivative works based on the Tool, including but not limited to adding new features or otherwise making adaptations that alter the functioning of the Tool.
Expedition is not an open-source project, therefore you cannot change or modify any code without the consent of Palo Alto Networks, as outlined in the terms and conditions.
While it's true that Expedition has a long history of stability and a wealth of documentation available, it's important to acknowledge the limitations associated with using a tool past its End of Life (EOL) date.
To assist you in transitioning smoothly, we recommend exploring the following alternatives:
Besides above consider these valuable resources that can help you address issues with Expedition:
Extensive Documentation:
Active Community Portal:
Leverage Existing Stability:
Remember, while Expedition may not receive official updates after EOL, its existing functionality and the supportive community can still be valuable assets for your migration projects.
Here's a summary of your options:
By utilizing these resources effectively, you can continue to leverage Expedition's strengths for your migration needs even after its EOL date.
Expedition played a crucial role in bridging the gap between customer needs and Palo Alto Networks' product offerings. As a free, community-supported tool, it provided valuable assistance with configuration migration.
However, with the introduction of enhanced capabilities within Strata Cloud Management (SCM) and enhanced migration services, a natural progression has occurred.
Palo Alto Networks is now focusing resources on these more comprehensive and officially supported solutions. Expedition's legacy as a valuable tool for configuration migration is acknowledged. However, the transition to SCM represents a natural progression towards a more comprehensive and officially supported solution. This shift aligns with Palo Alto Networks' commitment to providing customers with the best possible tools and resources for their policy posture management.
Did you all have ChatGPT write parts of this this? It's comical how out of touch Palo Alto is becoming with their clients. I personally didn't use Expedition because it was never actually "supported" to begin with, with little to no meaningful documentation. But framing this announcement as exciting news is just hilariously tone deaf for the people who maybe did use it or find value in it.
I used the tool heavily to migrate from other vendors to Palo. And it was a great selling point because it was free of charge.
I assume the Professional Services and Migration Factory is not free of charge.....
This are definitive not "excited" and also not "great news".
If you really gonna kill it (which seems like a "Broadcom move" but go on) at least make it open-source so the community can further develop it.
If going cloud or buying professional services are the only options for migration and in general bulk changes for Panorama are the only options (besides developing your own set of scripts/tools) selling will get difficult.
Customers are using this also for regularely cleaning up unused objects, applying bulk changes to rules etc...
I don't know what to say about this. We also use Expedition very successfully to migrate the configuration from other vendors, for mass changes and had relied on Expedition2 for additional features.
As the others have already written, i don't know where this is supposed to be "great news". I hope that the Strata Cloud Manager provides the functions, especially for migration, quickly and free of charge. Until now, it's a game changer when we talk with customers about the migration.
In the the last 9years another tool was developed under an OpenSource license by PANW PS people.
mass manipulation of Firewall/Panorama is available since years, and also a starting point to manipulate Strata Cloud Manager config.
this one is no longer maintained:
https://github.com/PaloAltoNetworks/pan-os-php
But there is one which is actively maintained by myself
https://github.com/swaschkut/pan-os-php
An incredibly bad decision, when will Palo Alto Networks dismantling of its partner relationships stop?!
Over the years I/we have used Expedition a lot, then and now. I don't know if Palo thinks the tool has only been used for migrations. Have used the tool in presale, migration, configuration adjustments, etc. Very useful.
During my 12 years of focusing solely on Palo Alto, Palo has grown a lot, which is nice. In the first years, Palo had events such as SKO, SE-summit, Ignite, tech summit and local events where Palo and we partners (in some cases also customers) received the same information at the same time about news. For a few years now, we partners are not welcome at SKO, the SE summit just didn't happen this year (zero info that that was the plan and it doesn't seem like anyone within Palo knew /know why…).
How do you plan to use us as partners in the future? Should all events be replaced with online variants? What events does Palo have in the next 12 months? Clarity please!
This is disconcerting news indeed.
We use Expedition extensively in our migration projects from competitor to PANW firewalls.
Do we now simply hand over the customers old competitor config to PANW PS and Migration factory? And get an "AI-parsed" PanOs xml in return? How is the quality control of the new config done?
Today there is a whole lot of tweaking done in expedition before the config is ready for use. Are your new methods better at handling the conversion process? How are You going to do all the communication with the customer to sort out all the kinks? Directly? Does Your personnel speak the local languages in the respective regions? Having a language barrier only compound problems in a migration process. How do You see the Partner engineer's role in the migration process going forward? Are You sending personnel all over the world when it comes time to go live with new firewall? Having the customer do this themselves is risky, nor is it the accepted norm in our region, when doing a migration.
What is the cost for the customer related to all this?
Are you moving away from the Partner model of doing business?
I can se the benefits of SCM and getting the cleanup and optimization features there, in addition to the other benefits. But I am skeptical in regards to migration processes in the future based on the sparse information above.
Are there any overlap in the people from Professional Services and the Support services?
Hopefully You have more information for Partners in addition to the single sentence describing "Professional Services and Migration Factory"
I hope You can alleviate our concerns.
With Regards,
Chriss Greve
