Important Update: End of Life Announcement for Palo Alto Networks Expedition

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter
0% helpful (0/1)

End of Life Announcement for Palo Alto Networks Expedition


Dear Valued Customer and Partner,

We are excited to share some great news with you, as a valued user of Expedition functionalities. We are currently in the process of transferring the core functionalities of the tool into new products. This strategic move aligns with our commitment to meet the evolving needs of our customers and enhance our range of product offerings. Starting from January 2025, Palo Alto Networks will no longer support the Expedition tool, including all versions of both Expedition1 and Expedition2 branches. We believe this transition will bring even more value and improved capabilities to our users.


What This Means for You:


  • No Further Development: Expedition will have no new features or updates.
  • Support Changes: Technical support for Expedition will be discontinued. We encourage you to utilize the Expedition community on our live portal for ongoing discussions and access to all previously created documentation.
  • Email and Community Transition: The distribution list will be archived, but the Expedition community will remain active on our live portal.


Transition Support and Alternatives:


To assist you in transitioning smoothly, we recommend exploring the following alternatives:

  • SCM Features: Cleanup and optimization features with many enhancements to functionality in Expedition will be available in Strata Cloud Manager (SCM) for configs managed in SCM. Stay tuned for updates on these exciting developments.
  • Professional Services and Migration Factory: Our expert team is available to support your configuration migration to Palo Alto Networks products. By leveraging automation, tactical scripts, and custom solutions, our Migration Factory team can provide scalable and efficient migration services.

We understand this transition's impact on your operations and are committed to supporting you every step of the way. Should you have any questions or need further assistance, please do not hesitate to reach out via the Expedition community forum or by contacting our team directly through the previously mentioned email.

We appreciate your understanding and continued support as we strive to serve your needs better with our advanced product solutions.


Warm regards:

Palo Alto Networks




Could I keep using Expedition for my migration projects?


Yes, absolutely you can continue using Expedition, as both the tool and the repositories will remain accessible for your usage.

While you can technically continue using Expedition after its End of Life (EOL) date, there are several factors to consider:

Lack of Support and Limited Functionality:

  • No further development or updates: This means Expedition will not receive any bug fixes, security patches, or new features. This could make it not compatible with all features in future versions of PAN-OS.
  • Technical support unavailable: If you encounter any issues with Expedition, you will not be able to receive assistance from Palo Alto Networks. You will need to use the open live community and that could lead to delays and frustration in resolving problems.

Community Support:

  • Limited community resources: Although the Expedition community forum will remain accessible, it will not be actively moderated or updated. This means you may have difficulty finding answers to your questions or solutions to your problems.
  • Declining community activity: As Expedition becomes less popular While Expedition users transition to features consumption in products,, the community around it may dwindle. This could make it harder to find help and support from other users.

Alternatives to Consider:

Given the limitations of using Expedition after EOL, you may want to consider alternative solutions for your migration projects. Professional Services including Migration Factory team: Palo Alto Networks offers professional services to assist with configuration migration. This can be a good option if you need expert help with the migration process.


Ultimately, the decision of whether or not to continue using Expedition after EOL is up to you. However, it is important to weigh the risks and limitations before making a decision. If you require ongoing support, access to new features, and compatibility with future versions of PAN-OS, you may want to consider using an alternative solution.


Could I modify the code and maintain it?


As stated in the Agreement disclaimer 5. Use Restrictions and Prohibitions:

Except as expressly specified in this Agreement, You may not, nor allow any third party, directly or indirectly to: Copy (except in the course of loading or installing), modify or create derivative works based on the Tool, including but not limited to adding new features or otherwise making adaptations that alter the functioning of the Tool.

Expedition is not an open-source project, therefore you cannot change or modify any code without the consent of Palo Alto Networks, as outlined in the terms and conditions.


What can I do if I have some issue?


While it's true that Expedition has a long history of stability and a wealth of documentation available, it's important to acknowledge the limitations associated with using a tool past its End of Life (EOL) date.

To assist you in transitioning smoothly, we recommend exploring the following alternatives:

  • SCM Features: We are integrating clean-up and optimization features into SCM. This integration will preserve key functionalities and introduce new enhancements. Stay tuned for updates on these exciting developments.
  • Professional Services and Migration Factory: Our expert team is available to support your configuration migration to Palo Alto Networks products. By leveraging automation, tactical scripts, and custom solutions, our Migration Factory team can provide scalable and efficient migration services.

Besides above consider these valuable resources that can help you address issues with Expedition:

Extensive Documentation:

  • Expedition's live portal contains a comprehensive library of documentation, including user guides, FAQs, and troubleshooting tips. This wealth of information can often provide solutions to common issues.
  • Take advantage of the search functionality within the documentation to find relevant articles addressing your specific problem.

Active Community Portal:

  • Although Expedition is no longer officially supported, the community portal remains an active hub for users seeking assistance.
  • Post your issue on the community portal. The community comprises experienced users who may have encountered similar problems and can offer valuable insights and solutions.
  • Search the portal for existing discussions. Chances are, someone has already faced the same issue and documented a solution.

Leverage Existing Stability:

  • Expedition has been in the field for many years and has proven to be a stable tool. Unless you encounter critical bugs, it can still reliably perform migrations.
  • Focus on addressing specific issues rather than abandoning the entire tool. This approach can save time and resources while maintaining your migration workflow.

Remember, while Expedition may not receive official updates after EOL, its existing functionality and the supportive community can still be valuable assets for your migration projects.

Here's a summary of your options:

  • Consult the extensive documentation on the live portal.
  • Post your issue on the community portal and seek help from other users.
  • Focus on resolving specific issues rather than abandoning the entire tool.

By utilizing these resources effectively, you can continue to leverage Expedition's strengths for your migration needs even after its EOL date.


Why stop supporting Expedition?


Expedition played a crucial role in bridging the gap between customer needs and Palo Alto Networks' product offerings. As a free, community-supported tool, it provided valuable assistance with configuration migration.

However, with the introduction of enhanced capabilities within Strata Cloud Management (SCM) and enhanced migration services, a natural progression has occurred. 

Palo Alto Networks is now focusing resources on these more comprehensive and officially supported solutions. Expedition's legacy as a valuable tool for configuration migration is acknowledged. However, the transition to SCM represents a natural progression towards a more comprehensive and officially supported solution. This shift aligns with Palo Alto Networks' commitment to providing customers with the best possible tools and resources for their policy posture management.

Rate this article:
L0 Member

How is it great news that you are discontinuing a popular product?

L0 Member

Did you all have ChatGPT write parts of this this? It's comical how out of touch Palo Alto is becoming with their clients. I personally didn't use Expedition because it was never actually "supported" to begin with, with little to no meaningful documentation. But framing this announcement as exciting news is just hilariously tone deaf for the people who maybe did use it or find value in it.

L0 Member

I used the tool heavily to migrate from other vendors to Palo. And it was a great selling point because it was free of charge.

I assume the Professional Services and Migration Factory is not free of charge.....


This are definitive not "excited" and also not "great news".

L0 Member

If you really gonna kill it (which seems like a "Broadcom move" but go on) at least make it open-source so the community can further develop it.

If going cloud or buying professional services are the only options for migration and in general bulk changes for Panorama are the only options (besides developing your own set of scripts/tools) selling will get difficult.
Customers are using this also for regularely cleaning up unused objects, applying bulk changes to rules etc...

L2 Linker

I don't know what to say about this. We also use Expedition very successfully to migrate the configuration from other vendors, for mass changes and had relied on Expedition2 for additional features.


As the others have already written, i don't know where this is supposed to be "great news". I hope that the Strata Cloud Manager provides the functions, especially for migration, quickly and free of charge. Until now, it's a game changer when we talk with customers about the migration.

L0 Member

In the the last 9years another tool was developed under an OpenSource license by PANW PS people.


mass manipulation of Firewall/Panorama is available since years, and also a starting point to manipulate Strata Cloud Manager config.


this one is no longer maintained:


But there is one which is actively maintained by myself



L0 Member

You either die a hero, or live long enough to see yourself become the villain.

L3 Networker

In the history of bad moves, this is one of the worst moves you could ever make for partner engineers. Congratulations.

L0 Member

An incredibly bad decision, when will Palo Alto Networks dismantling of its partner relationships stop?!


Over the years I/we have used Expedition a lot, then and now. I don't know if Palo thinks the tool has only been used for migrations. Have used the tool in presale, migration, configuration adjustments, etc. Very useful.


During my 12 years of focusing solely on Palo Alto, Palo has grown a lot, which is nice. In the first years, Palo had events such as SKO, SE-summit, Ignite, tech summit and local events where Palo and we partners (in some cases also customers) received the same information at the same time about news. For a few years now, we partners are not welcome at SKO, the SE summit just didn't happen this year (zero info that that was the plan and it doesn't seem like anyone within Palo knew /know why…).


How do you plan to use us as partners in the future? Should all events be replaced with online variants? What events does Palo have in the next 12 months? Clarity please!

L0 Member

This is disconcerting news indeed.
We use Expedition extensively in our migration projects from competitor to PANW firewalls.
Do we now simply hand over the customers old competitor config to PANW PS and Migration factory? And get an "AI-parsed" PanOs xml in return? How is the quality control of the new config done?

Today there is a whole lot of tweaking done in expedition before the config is ready for use. Are your new methods better at handling the conversion process? How are You going to do all the communication with the customer to sort out all the kinks? Directly? Does Your personnel speak the local languages in the respective regions? Having a language barrier only compound problems in a migration process. How do You see the Partner engineer's role in the migration process going forward? Are You sending personnel all over the world when it comes time to go live with new firewall? Having the customer do this themselves is risky, nor is it the accepted norm in our region, when doing a migration.
What is the cost for the customer related to all this?

Are you moving away from the Partner model of doing business?

I can se the benefits of SCM and getting the cleanup and optimization features there, in addition to the other benefits. But I am skeptical in regards to migration processes in the future based on the sparse information above.
Are there any overlap in the people from Professional Services and the Support services?

Hopefully You have more information for Partners in addition to the single sentence describing "Professional Services and Migration Factory"


I hope You can alleviate our concerns.
With Regards,
Chriss Greve

L1 Bithead

Action speaks louder than words…

Another clear step towards reducing partners importance in the future.

Palo Alto seems to move away from us, that is unfortunately becoming more and more clear.

The Fortinet migration tool is going strong they seem to think it adds value to their story.


A Partner is someone you include in the story not exclude.



Peter Levin



L0 Member

In my previous company (as a partner) we managed to sell more pricey PAN fw just because of Expedition and log analysis functionality. 

As someone said:

"In the history of bad moves, this is one of the worst moves you could ever make for partner engineers. Congratulations."


But it is not just about partners, this is also affecting customers. I don't want to pay them their pricey services. Now I'm at a customer side, and my management wants to spend wants to spend as little money as possible. I'm building my case for PANs based on log analysis and creation of new rules. I'll have greenfield installation without any rules, and Expedition would be priceless. Now I don't have anything to hold on to and the most probably will stuck with bunch of Forti firewalls. 


Expedition was the main and the greatest differentiator between PAN and rest of the vendors. You just give yourself an auto-goal. Congratulations!!!


L1 Bithead

"We are currently in the process of transferring the core functionalities of the tool into new products."


Is it safe to assume that configuration migration from other vendors to Palo is considered core functionality?

When will these products be available? Will there be a cost associated with these products?

L1 Bithead


  • Professional Services and Migration Factory: Our expert team is available to support your configuration migration to Palo Alto Networks products. By leveraging automation, tactical scripts, and custom solutions, our Migration Factory team can provide scalable and efficient migration services.


So we pay you to migrate the data for us?


L4 Transporter


We currently have deployed a server (Minemeld version 0.9.70), Company Systems requires us to upgrade the operating system of this server. It is running Ubuntu Linux 16.04. We are asked to deploy a version that runs Ubuntu Linux 22.04.


Is it possible to upgrade the system or deploy a new OVA with this need fulfilled?

L4 Transporter

Well, that stinks.




Wow - I'm shocked/not shocked.  First Minemeld, BPA, and not being able to just call support.  And now this.


How long before Live Community, KB articles, and documentation become an additional subscription fee?  How long before talking to support and/or one's account team comes with an added "service fee" like restaurants can now charge?


How much money does PAN need?  What a bunch of greedy poseurs.


And let's not forget the unattainable sales goals for account teams that has caused a mass exodus of very talented people including the SEs who used to run the PCNSE ***free*** ~6-week study/review bootcamps for a few years.  Gone - they didn't even leave up the YouTube recordings of previous bootcamps (before anyone says it, yes I know they were under Rodger's account, but it was using his PAN email - they could've updated it and kept the channel).


Side note: pan-os-php is awesome - please do check it out.  The irony of that is it started as a PAN product like the above and basically died at PAN when Sven left (but, as he noted above, he maintains his own repository quite well).  The "funny" part about this is Sven used to be involved in some way with the Expedition team and sometimes he would ask why we used pan-os-php instead of Expedition for things.


Hmmm, I wonder if it has been discontinued because there's no one left who can develop/maintain it?  It kind of reminds of of Netscreen firewalls when a lot of those folks left Juniper (to form/join PAN) and Juniper dropped it in favor of JUNOS firewalls.

Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎06-14-2024 01:47 PM
Updated by: