Symptoms Expedition is vulnerable to CVE-2022-37026, below are the Detail about the vulnerability : In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.   Diagnosis Issue below command in Expedition CLI: $apt list --installed | grep erlang  the result will show erlang package is v22.x which is vulnerable to the CVE   Solution Summary: Run below commands in Expedition CLI to add new repositories and upgrade the two packages to the stated version:   rabbitmq-server: 3.11.4-1 erlang: 25.0.4   ------------------------------------------------------------------------------------- $sudo -su root $service mysql stop $apt-get remove rabbitmq-server && apt-get purge rabbitmq-server $apt-get remove erlang && apt-get purge erlang $apt autoremove $apt install wget $wget -O- https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc | sudo apt-key add - $echo "deb https://packages.erlang-solutions.com/ubuntu focal contrib" | sudo tee /etc/apt/sources.list.d/erlang-solution.list $curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | sudo bash $apt-get install rabbitmq-server $apt autoremove $apt purge $service mysql start   Verify the two packages are updated with the required version with below commands:   $apt list --installed | grep erlang  $apt list --installed | grep rabbitmq-server      

Here are all the Documents related to Expedition use and administrations   Installation Guide - Instructions to install Expedition 1 on an Ubuntu 20.04 Server and Transferring Projects between Expeditions Hardening Expedition – Follow to secure your Instance. Admin Guide – Describes the Admin section and provides advice on how to configure and properly setup. User Guide  v1.1 (will be improved) Log Analysis Feature Guide - (APP-ID Adoption, Rule Enrichment, and Machine Learning features)

We are aware of the issue with Ubuntu VM on MAC with M1 chipset. Expedition installation script  will fail due to dependency packages not being installed as these have not been compiled for the M1 architecture.  We will study possible alternatives for the future releases. 

Symptoms While executing a migration you get one of bellow message errors on the /tmp/error file:  Got a packet bigger than 'max_allowed_packet' bytes Error while sending QUERY|STATISTICS packet Also the migration process could be stacked at some point for a long period of time. Diagnosis MySQL is not supporting to create the among of objects defined on your config so you need to give more resources to MySQL. Solution Resize the max allowed packets property on Mysql. 1) Locate your max_allowed_packet mysql configuration (for instance inside: /etc/mysql/mariadb.conf.d/50-server.cnf). 2) Edit the mysql config file and increase the MB for the property max_allowed_packet (for instance: max_allowed_packet = 100M). 3) Restart mysql (for instance: service mysql restart).  4) Execute the migration in a new clean Expedition project.

Symptoms After a fresh installation of Expedition, error message like below shows :   Diagnosis When Execute the following command in Expedition CLI as suggested :     sudo  sh /var/www/html/OS/BPA/updateBPA306.sh   Script did not finished running and encountered error message below:   × python setup.py bdist_wheel did not run successfully. │ exit code: 1 ╰ ─> [175 lines of output] running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.8 creating build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageSequence.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/EpsImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PcxImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PdfImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/TarIO.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/IcoImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/GifImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageShow.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PpmImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageDraw.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageTransform.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ExifTags.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PdfParser.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImagePath.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/TgaImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/MpoImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/BlpImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/WmfImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PSDraw.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/GimpGradientFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/GbrImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PcdImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/SunImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageOps.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/DcxImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageEnhance.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/Jpeg2KImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/Hdf5StubImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/GimpPaletteFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageMath.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImagePalette.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/FontFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageFilter.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageCms.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/CurImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageQt.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/features.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/FliImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageMode.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/_util.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PsdImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/McIdasImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImtImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/JpegPresets.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageGrab.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/JpegImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/TiffTags.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/SpiderImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/IcnsImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/WebPImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageChops.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/_tkinter_finder.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageColor.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/GdImageFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PngImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/BufrStubImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/FtexImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/_version.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageStat.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/Image.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/MspImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PalmImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PaletteFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/MicImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ContainerIO.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/TiffImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/XVThumbImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/_binary.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/FitsStubImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/BmpImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PixarImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/IptcImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageFont.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/OleFileIO.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/SgiImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PyAccess.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/BdfFontFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageWin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/XbmImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/__init__.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/WalImageFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/XpmImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/PcfFontFile.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageTk.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/FpxImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/MpegImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageMorph.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/GribStubImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/DdsImagePlugin.py -> build/lib.linux-x86_64-3.8/PIL copying src/PIL/ImageDraw2.py -> build/lib.linux-x86_64-3.8/PIL running egg_info writing src/Pillow.egg-info/PKG-INFO writing dependency_links to src/Pillow.egg-info/dependency_links.txt writing top-level names to src/Pillow.egg-info/top_level.txt reading manifest file 'src/Pillow.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' warning: no files found matching '*.c' warning: no files found matching '*.h' warning: no files found matching '*.sh' no previously-included directories found matching 'docs/_static' warning: no previously-included files found matching '.appveyor.yml' warning: no previously-included files found matching '.coveragerc' warning: no previously-included files found matching '.codecov.yml' warning: no previously-included files found matching '.editorconfig' warning: no previously-included files found matching '.landscape.yaml' warning: no previously-included files found matching '.readthedocs.yml' warning: no previously-included files found matching '.travis' warning: no previously-included files found matching '.travis/*' warning: no previously-included files found matching 'tox.ini' warning: no previously-included files matching '.git*' found anywhere in d istribution warning: no previously-included files matching '*.pyc' found anywhere in d istribution warning: no previously-included files matching '*.so' found anywhere in di stribution writing manifest file 'src/Pillow.egg-info/SOURCES.txt' running build_ext The headers or library files could not be found for jpeg, a required dependency when compiling Pillow from source. Please see the install instructions at: https://pillow.readthedocs.io/en/latest/installation.html Traceback (most recent call last): File "/tmp/pip-install-nbk4y0xj/pillow_f525a19fbf1d4101aeddc513ddad3999/ setup.py", line 765, in <module> setup(name=NAME, File "/usr/lib/python3/dist-packages/setuptools/__init__.py", line 144, in setup return distutils.core.setup(**attrs) File "/usr/lib/python3.8/distutils/core.py", line 148, in setup dist.run_commands() File "/usr/lib/python3.8/distutils/dist.py", line 966, in run_commands self.run_command(cmd) File "/usr/lib/python3.8/distutils/dist.py", line 985, in run_command cmd_obj.run() File "/usr/lib/python3/dist-packages/wheel/bdist_wheel.py", line 223, in run self.run_command('build') File "/usr/lib/python3.8/distutils/cmd.py", line 313, in run_command self.distribution.run_command(command) File "/usr/lib/python3.8/distutils/dist.py", line 985, in run_command cmd_obj.run() File "/usr/lib/python3.8/distutils/command/build.py", line 135, in run self.run_command(cmd_name) File "/usr/lib/python3.8/distutils/cmd.py", line 313, in run_command self.distribution.run_command(command) File "/usr/lib/python3.8/distutils/dist.py", line 985, in run_command cmd_obj.run() File "/usr/lib/python3.8/distutils/command/build_ext.py", line 340, in r un self.build_extensions() File "/tmp/pip-install-nbk4y0xj/pillow_f525a19fbf1d4101aeddc513ddad3999/ setup.py", line 612, in build_extensions raise RequiredDependencyException(f) __main__.RequiredDependencyException: jpeg During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<string>", line 2, in <module> File "<pip-setuptools-caller>", line 34, in <module> File "/tmp/pip-install-nbk4y0xj/pillow_f525a19fbf1d4101aeddc513ddad3999/ setup.py", line 812, in <module> raise RequiredDependencyException(msg) __main__.RequiredDependencyException: The headers or library files could not be found for jpeg, a required dependency when compiling Pillow from source. Please see the install instructions at: https://pillow.readthedocs.io/en/latest/installation.html [end of output] Solution The error caused by libjpeg-dev package is missing , solution is to install the missing package before re-run the script, issue below commands first: sudo apt-get install libjpeg-dev Then re-run the script: sudo sh /var/www/html/OS/BPA/updateBPA306.sh   Script will be completed without error , and you can verify the error message in dashboard is remediated.  

Symptoms After upgrade Expedition from 1.1.x to 1.2.x , Radius authentication stop working  Diagnosis Module php7.0-radius is missing  Solution Please follow below steps :  1) Check if php7.0- radius  installed on your VM:  php -m  2) If it’s not installed , run below command to install  radius   php7.0 sudo apt-get install php7.0- radius 3)  Remove packages not needed. sudo apt autoremove 4) Check again if php7.0- radius   is installed on the VM  php -m 5) Confirm php CLI is 7.0 php -version 6) Restart apache2 sudo apache2ctl restart

Your Expedition VM might be vulnerable to the CVE-2021-4034, here is the Info regarding the vulnerability:   Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). Please refer to the website for detail info : https://ubuntu.com/security/cve-2021-4034 To Patch your Ubuntu system, please follow below steps:   1. Adding below line to the /etc/apt/sources.list : deb http://security.ubuntu.com/ubuntu focal-security main 2. Run below commands to update the policy-1 package: $sudo apt-get update $sudo apt-get install policykit-1 3. Verify the policykit-1 package has been updated to v.  0.105-26ubuntu1.2 as shown in below screen:     Those who can’t patch immediately should use below command  to remove the SUID-bit from pkexec:   $chmod 0755 /usr/bin/pkexec  

Expedition supports migration sections of the below Vendor's configuration to PAN-OS configuration **The list of tested Vendor OS version, version not listed here needs further validations ***Juniper VPN configuration conversion will be supported in Expedition 2.x    Table1: Expedition supports converting 3rd Party vendors config sections (Updated on 2021/01/5) Note: Table will be updated when new support added   Vendor Supported Vendor OS** Global Address Object Address Objects Address Group Objects Service Objects Service Group Objects Security Policy NAT Policy Network Interface (L3 only) Routing(Static Routes Only) VPN Checkpoint R75,R77 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔     > R80 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔   Cisco ASA 9.0, 9.1,9.6,8.2,8.4, ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔   FirePower [only in ASA syntax] ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔   Fortinet Fortigate 4.0, 5.0,6.0 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔   IBM XGS 5.1   ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔   Juniper All Netscreen Firewalls (ScreenOS) ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ***   Junos 11.4, 12.1, 12.3 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ *** Forcepoint Sidewinder   ✔ ✔ ✔ ✔ ✔   ✔ ✔     Stonesoft   ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔  

Question I am running out of the HD space in Expedition server , need to add more HD space. Answer Please refer below article for the instructions on adding a new drive and mount the drive to be used by Expedition: https://help.ubuntu.com/community/InstallingANewHardDrive

Question   I am getting below errors when issue $sudo apt-get update to update expedition to the latest package, how do I fix it ?   Err:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages Could not open file /var/lib/apt/lists/partial/conversionupdates.paloaltonetworks.com_expedition-updates_Packages.gz - open (13: Permission denied) Fetched 114 kB in 1s (57.0 kB/s) Reading package lists... Done W: The repository 'https://conversionupdates.paloaltonetworks.com expedition-updates/ Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch https://conversionupdates.paloaltonetworks.com/expedition-updates/Packages Could not open file /var/lib/apt/lists/partial/conversionupdates.paloaltonetworks.com_expedition-updates_Packages.gz - open (13: Permission denied) E: Some index files failed to download. They have been ignored, or old ones used instead.   Answer   Run below command: sudo rm /var/lib/ap t/lists/partial/* Then run below commands for updating Expedition to the latest version: sudo apt-get update sudo apt-get install expedition-beta  

Hello!   We know you are all concerned on having the Expedition tool on an old not-supported Ubuntu. You had requested several times to increase support for newer versions of the OS, and we have finally reached to the point we can present Expedition on Ubuntu 20.04 LTS.   We have updated our Expedition installer and some internal modules (Spark codes, database structures and webserver backend) to be able to support the tool installation on the current Ubuntu 20.04 LTS. The installation process is very similar as it used to be, but to help you in the task, we have written an Instructions document with multiple images that will certainly guide you.   And, on top of all this, we are providing a Transfer Assistant that will help you transferring all your Expedition projects, devices, user credentials, traffic logs, etc. from your old Expedition to a new one.   You will find the Installation document in our Expedition Documents section: https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619   Let's start a new Expedition together!

  Palo Alto Networks, August 2, 2021   Dear Expedition Users,   During the years, we have evidenced a sustained and increased usage of the Expedition 1.0 tool, earlier known as the Migration Tool. As many of you know, we want to increase the number of functionalities in our tools, to enhance existing functionalities and to improve their quality.   To achieve these improvements, we have decided to join efforts with Professional Services. A dedicated team in Professional Services will take ownership of the code used for configuration translations from third party vendors to PANOS.   This strategy will improve the migrations that we have been offering during the years with the Expedition tool,  increasing the resources in the team dedicated to the translations,  improving the quality assurance with fewer bugs, having a closer the relationship with the Professional Services consultants that consume the translation functionalities on a daily basis,  increasing the number of Use Cases that are supported and decreasing the response time to support new functionalities , making the migrations in your projects more pleasant and efficient.   As a consequence, we have taken the decision to postpone the launch of Expedition 2.0 until April 2022, to guarantee the quality of the release and to extend the functionalities that the tool will provide. During this period, Expedition 1.0 will continue to be supported by the Expedition team, and we are working on updating our code and installation process to make it available for Ubuntu Server 20.04.   We would like to remark that Expedition 2.0 will continue being offered free of charge, as well as the translations from third party vendors to PANOS.   The Expedition Team  

Here you can find details about the Expedition Migration Tool Agreement.  

With the new version of Checkpoint Smartcenter R80, the way to obtain the rules has changed.    Exporting Configuration   To export the configuration from a Checkpoint R80 we are gonna need to download a tool from the Checkpoint's Github. We want to be sure we download latest version of the tool since the one it comes installed in your SmartCenter usually is old and may contain bugs.   So first open your preferred web browser and go to:   https://github.com/CheckPointSW/ShowPolicyPackage/releases   Check the latest, at the moment of updating this post latest version was 2.0.6, so in order to download it we have to click on the file named: web_api_show_package-jar-with-dependencies.jar   https://github.com/CheckPointSW/ShowPolicyPackage/releases/download/V2.0.6/web_api_show_package-jar-with-dependencies.jar   After download the file you have to UPLOAD it to your SmartCenter Server where Checkpoint R80 management is running. Use your SCP preferred tool to do it.   Please read the README.md file shown in https://github.com/CheckPointSW/ShowPolicyPackage to understand how to run the downloaded file properly, pay special attention to the Examples   Before you run the command verify the Checkpoint API is running otherwise this tool will fail to execute. Please read this if you don' t know how to enable/verify if your API is UP and Running   Now you can RUN the tool from CLI as EXPERT   java -jar web_api_show_package-jar-with-dependencies.jar -v   The output from that command will let you know what Packages are available to export   Last command we have to run is the following where PACKAGE_NAME is the name you have chosen from the previous command and in case you are in a MULTI-DOMAIN environment specify the DOMAIN_NAME too (-d is OPTIONAL):    java -jar web_api_show_package-jar-with-dependencies.jar -k <PACKAGE NAME> -d <DOMAIN NAME>   This will create a new tgz file which you will use as is to import into Expedition Importation page.   Exporting Routing and interfaces   From the Firewall CLI, you can run the following:   netstat -nr > routes.txt   With all this information, we can go to Expedition, Create a new Project, enter the Project, and go to IMPORT > CHECKPOINT > VERSION R80.   Assign a name to your configuration such as "MyInternetGW" Select the tgz file and attache it to the proper input Select the routes.txt for the routes Click UPLOAD   References: Checkpoint Website article about the show package tool    

Symptoms When Importing either PAN-OS configuration or 3rd party vendor configuration, the import progress bar stuck in the middle without throwing any errors.    Diagnosis All migrations in Expedition 1 leave traces for debugging in the error file located in /tmp/error. Below we present an example of an error that could be reported on a migration:    In this specific case, the migration parser could not complete due to a limit amount of RAM allowed to be used in the migration process (Allowed memory size of 4GB exhausted) Solution Fortunately, this is RAM limit simple to handle. In your Expedition WEBUI, go to "Settings" -> "CUSTOM PARAMS", increase the allowed RAM ("PARSER_max_execution_memory") to a larger value without exceeding your VM RAM. If you have 16G RAM in your expedition VM, you could change the value up to "16G"  as shown in the below screenshot below. Notice that in most of the cases, your configuration won't be as large that becomes necessary to allocate such a large amount of "Allowed RAM". For most scenarios, 4GB should be enough, therefore try allocating 6GB or 8GB until your migration can be completed.    

Expedition – The Glue Between IronSkillet and Best Practices Expedition was conceived to reduce the time and efforts a security admin needs to improve and optimize their Palo Alto Networks configurations. Following that effort, we have added, within Expedition, support not only to run a BPA analysis if not also be able to remediate some of the failed checks (all related to Device Config) and now integration with the project IronSkillet. https://github.com/PaloAltoNetworks/iron-skillet 

Access Expedition GUI Using Google Chrome with Certification Error   Symptoms Can't access Expedition GUI using Google chrome, error message ' NET::ERR_CERT_COMMON_NAME_INVALID'  displayed as below screenshot, and you are not able to proceed to the website.   Please note: It's best practice to not proceed to the site failed on certificate error only when self-signed cert is used in Expedition and you confirmed it's safe to proceed to the site.   View of Chrome Error - NET::ERR_CERT_COMMON_NAME_INVALID Diagnosis For Google Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and website certificate. If the certificate doesn’t have the correct subjectAlternativeName extension, users get a NET::ERR_CERT_COMMON_NAME_INVALID error letting them know that the connection isn’t private  and will not provide you an option to proceed to the URL.   Please see the article for more details: https://support.google.com/chrome/a/answer/7391219?hl=en   Solution Perform the below steps to re-install the self-signed certification with subjectAltName in Expedition: SSH to Expedition cd to /tmp Modify req.conf by issue below command: $ sudo vi req.conf copy and past below section in req.conf, modify attributes in the file to match your organization ........................................................................................ [req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no [req_distinguished_name] C = US (   Replace this with your county name) ST = VA  (   Replace this with your state name) L = SomeCity  (   Replace this with your city name) O = MyCompany (   Replace this with your company name) OU = MyDivision (   Replace this with your organization name) CN = 192.168.44.131 (   Replace this IP with your Expedition IP ) [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = 192.168.44.131 ( Replace this IP with your Expedition IP ) DNS.2 =   company.com  DNS.3 =   company.net ........................................................................................       saves the changes with ESC :wq!   Issue below commands in order: $ sudo openssl genrsa -out server.key 3072 -config req.conf $ sudo openssl req -new -x509 -key server.key -sha256 -out certificate.pem -days 730 -config req.conf $ sudo cp server.key /etc/ssl/certs/ $ sudo cp certificate.pem /etc/ssl/certs/   Modify the default-ssl.conf by issue below command: $ sudo vi /etc/apache2/sites-enabled/default-ssl.conf  Find below two lines in the default-ssl.conf and replace the path  SSLCertificateFile   /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key    with    SSLCertificateFile   /etc/ssl/certs/certificate.pem SSLCertificateKeyFile /etc/ssl/certs/server.key   saves the changes with ESC :wq   Restart Apache by issue below command: $ sudo systemctl restart apache2   Try access the Expedition GUI again Google chrome should now present you an option under "Advanced"   to proceed to the URL. 

Be the first to discover the new dynamic log connector functionality and learn about App-ID Adoption and the new Device Monitor...

Explore the Expedition Dashboard   Expedition Dashboard   There are 2 parts related to the VM Stats, one controls the stats for the local VM running the GUI and the ML Health in case is running on another VM shows the stats from the remote Expedition VM.   That means you can setup 2 Expedition VMs and use one for the GUI and another with more CPU and RAM to run the data analysis and machine learning. If this is your case just go to SETTINGS -> M. Learning and setup the IP address where your Expedition with more resources is running and click on SAVE.   The Task Manager must be always UP and controls all the backend jobs requested from the GUI like to retrieve contents from a device using the API keys.   Expedition comes with a self-check list to at least show you if there is something that can be improved in the system or if some dependencies or required functions are working properly or missing.   Close to the logo you can find the version and the released day plus what version of the Best Practices Assessment Tool is running.

What is Expedition?   Expedition is the fourth evolution of the Palo Alto Networks Migration Tool. The main purpose of this tool was help reducing the time and efforts to migrate a configuration from one of the supported vendors to Palo Alto Networks.   By using the Migration Tool, everyone can convert a configuration from Checkpoint or Cisco or any other vendor to a PAN-OS and give you more time to improve the results. Migration Tool 3 added some functionalities to allow our customers to enforce security policies based on App-ID and User-ID as well.   With Expedition, we have gone one step further, not only because we want to continue helping to facilitate the transition of a security policy from others vendors to PAN-OS, but we want to ensure the outcome is the best as possible. This is why we added a Machine Learning module that can help you generate new security policies based on real log traffic and the introduction of the Best Practices Assessment Tool to check the configuration complies with the Best Practices recommended by our security experts.   With all these huge improvements we expect the next time you use Expedition the journey to the excellence will be easier.   NOTE: Expedition is supported by the community as best effort   The Palo Alto Networks TAC does not provide support, so please post your questions in the community.   Go to: Expedition landing page on LIVEcommunity

This document describes the advantages of using Regions objects when importing the Rule Enrichment policy recommendations.

(DO NOT EDIT resolv.conf)   If needed, the steps to statically configure a DNS server to the Expedition server will be to edit the dns-nameserver in the /etc/network/interfaces file.    Editing resolv.conf is not reliable as any edits will be overwritten on reboot of the Expedition server.   expedition@Expedition:/etc/network$ sudo vi interfaces   Configured to use DHCP   # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).   source /etc/network/interfaces.d/*   # The loopback network interface auto lo iface lo inet loopback   # The primary network interface auto ens33 iface ens33 inet dhcp dns-nameservers  8.8.8.8  4.2.2.2   Configured with a static IP   # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).   source /etc/network/interfaces.d/*   # The loopback network interface auto lo iface lo inet loopback   # The primary network interface auto ens33 iface ens33 inet static        address 192.168.252.136        netmask 255.255.255.0        gateway 192.168.252.2        dns-nameservers      8.8.8.8 4.2.2.2

Please review the attached document for SHA256 hash of the Expedition OVA.  

This document describes how to enable and configure the new feature in update version 1.1.20 to enable the scheduling of log processing for the Machine Learning feature.

Expedition uses PHP to perform the backend actions. Some of those require interactions with MariaDB databases and use mysqli as a driver to connect to these databases.   In order to ensure that connections to the database are alive, we want to modify one of the PHP System parameters that allows reconnections to the database once those are lost.   Open a terminal to Expedition and edit the following files:   1. php.ini for Apache Edit the php.ini file for Apache with the following command sudo nano /etc/php/7.0/apache2/php.ini change (you can use the Search feature with ^W) mysqli.reconnect = Off to mysqli.reconnect = On Write the changes with ^O and exit nano with ^X     2. php.ini for CLI Edit the php.ini file for Apache with the following command sudo nano /etc/php/7.0/cli/php.ini change (you can use the Search feature with ^W) mysqli.reconnect = Off to mysqli.reconnect = On  Write the changes with ^O and exit nano with ^X     3. Apply the changes Once the changes are done, apply them by sudo service apache2 restart

The attached document has been used as a lab guide to configure the machine learning in your environment.    Replace the VM and Expedition details using your configuration and traffic logs to start using machine learning to show how App-ID can be employed to reduce the attack surface of your security policies.

Generate the XML configuration by running this command from the CLI   show configuration | display xml | no-more   Before you import a Juniper SRX into Expedition, there are some manual checks we can do to verify the migration will work.   The configuration must start only with <configuration> tag, you have to replace everything before or inside that tag by only <configuration> The configuration must end with </configuration> any other text after it must be removed         Here's an example on how a SRX config should look when you edit:   <configuration> .... .... </configuration>   For integrity validation is a good practice try to open the XML file from FIREFOX browser becasue if something is breaking the XML integretity FIREFOX will notice to you which line has an invalid character. You must replace the invalid character before upload it to Expedition This is an example of wrong configuration. It seems someone created the file but stored with wrong jumps on it, so Firefox will complain about the format.        If we edit the file, we can see this at line 911 of the config file:   <pre-shared-key> <ascii-text>$9$4xxxxxxxxxxxx</asc ii-text> </pre-shared-key>    To fix this example, we have to remove the break line after </asc to:   <pre-shared-key> <ascii-text>$9$4xxxxxxxxxxxx</ascii-text> </pre-shared-key>  Fix all the problems before importing into Expedition.   Hope this helps.

Expedition comes with a built-in messaging queue system.   This mechanism allows it to prepare some tasks and send it to the queue. With this, we can run jobs internally without having to wait until the job is finished in the same page we are.   The first thing you will have to do when you enter in Expedition is check if the process is UP or DOWN, click on START in case is DOWN. If this is DOWN the Jobs will not be executed until it get's UP again. Dashboard  Some of the tasks relaying in the TASK MANAGER are: Download contents from Devices Auto-Zone Function Retrieve dynamic reports from firewalls for App-ID and User-ID adoption Machine Learning     Debug: If you want to see the output generated by the jobs running from the Queue you can see the content here:   tail -f /home/userSpace/panReadOrders.log    

There are many ways to replace Zones in your Rules but there is one that really makes a difference.   The idea in this example is replace the Zone called VPN-Didac by Untrust. So the approach we will take is filter by the Zone and see where this zone is used and then do the replace.   From within the Project navigate to Network and then click on Zones.         From there right-click on the Zone (point he mouse over the name) we want to replace, in our case VPN-Didac and select Add to filter.   This will create a new filter and we need to activate it by using drag and drop to drop it under ACTIVE folder and click on APPLY FILTER button.       Navigate to TOOLS and Search and Replace. Select from the left panel where the output from the filters are listed the Zone we want to replace and then Expedition will search in what groups or policies has been used.     In our example we will click on Security Policies and we will select all the rules where this zone was seen and we will add to Replace, the same will do with the Nat Policies shown as well. After that we will click on REPLACE.   From the REPLACE view and keeping all the elements selected choose from the combo called Replace by "Zones" and then from the next combo called "To" select the zone you want to be replaced by the one you searched.     Click on Replace All and check from the Rules the change was effectively done.       Done !