Anyone know server sizing requirements for this? Minimum cpu, memory and storage? Also, what is the recommended way to install?
I started by running the command scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csv on my PA220. root@Expedition:/PALogs# ls -ltotal 64296-rw-rw-r-- 1 expedition expedition 65830760 Aug 1 17:35 mltest.csvdrwxr-xr-x 2 www-data www-data 4096 Aug 1 ...
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW): https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c Be sure to go Settings > M. Learning > and change the Expedition ML Address address to your VM's IP. Then return to the Dashboad and Start the Agent. [UPDATE 6.4...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini sudo vi /etc/php/7.0/apache2/php.ini go to line where this variable is defined upload_max_filesize = 2M and replace by upload_max_filesize = 250M There...
I'm just wondering when and if there will be a fix to the "remediate" button not working in Expedition version 1.1.68 and Best Practices version 3.21.3?
Dears, We've needed to upgrade our Panorama & firewalls for bug fixing reasons to PanOs9.1.1. Since the Panorama upgrade our migrations using Expedition are having issues: PanOS9.1.1 with Expedition: Expedition pre 1.1.56: after a merge and config import, following is the config load error on Panorama: "job failed because ...
After merging a config in Expedition, when you generate the XML you get two files: projectname.xml and projectname.zip. The ZIP contains a text doc with the set commands as well as the same projectname.xml and a larger projectname-pretty.xml. What is the difference between the two xml files? To further elaborate, here is a sanitized example:...
Hi Guys, I tried to add Panorama or Physcial PAN in the migraiotn tool for log connector but keep getting error "Error generating the api key". I dobule confirm the IP and login crediential are correct when I fill in but not sure what else I would check.
We are having difficulties logging into the web portal of Expedition – after entering credential and password, the browser just sits there showing “suthenticating … please wait” when I use Firefox. I could not even use Chrome or any other browsers to access Expedition web portal – I am getting ERR_SSL_KEY_USAGE_INCOMPATIBLE error message. Any su...
We are migrating multiple Cisco ASA pairs into PA-3260. PANOS 9.0.7, Expedition 1.1.69.3. Initially we are testing using a single ASA at a time. At least one of the "simpler" ASAs seems to migrate cleanly. Our "main" ASA is more complex. After working to clean duplicates and etc, we are able to get to the point where the Commit Check does not...
Hello, I have a policy rule imported from a Juniper with one Vsys. I'd like to split the rules and migrate them in different Device Group (Multiple VSYS) in a Panorama It seems that Expedition only give the possibilty to export the rules in one Device group in the Mapping tab. So if rules belong to multiple device, the only solution i ve found...
We had migration activity that causing the outage. After review the technical detail. we notice when merge service object, TCP-80 over write service-http. the actual firewall service-http use port 80 and 8080. Expedition pre-define as 80 only, that causing the problem. One more thing, when show running security policy and nat policy, palo al...
Hi all, I've got 2 different sets of PAN xml files, both contained firewall policies are almost identical, except 1 of them contains additional rules. I've imported both into Expedition and merge both configs together, such that the security policies would contained the set of policies from FW1 above, and the set of policies from FW 2 below. ...
When trying to import a file from a Cisco ASA 5525-X running FTD 6.2.0.2 we only get the vpn tunnel and nat rules. The security rulebase does not show up in the import. Is there a work around to get the whole rulebase imported?
Hi guys, I'm working with a customer who has Expedition installed on their network on Ubuntu 16.04. Expedition is on the latest version (1.1.68). I've setup a traffic log forwarder from one of their firewalls which connects to their Expedition just fine. I've added their Panorama device, pulled in the managed devices and running config. I've pro...
when we do panorama migration, before convert address group to share after convert address group to share, you can see firewall no longer shows address group name, and click member not able to locate specific address group. it happen to all other objects as well. just wondering if we can confirm this is some format syntax issue between expedit...
Hello, I have a PA-3020 device that I would like to use Expedition to help me Audit and Evaluate. I can't give Expedition direct access to the FW, so I've been trying to import XML files. I can't seem to get a full import of everything on the firewall. I found this posting, but it didn't have a resolution: https://live.paloaltonetworks.com/...
I have a client running Check Point R77 who wishes to migrate their Application Control policy. Does Expedition support conversion of a non-unified Check Point App Control policy? The policy is defined in a separate layer (non-unified policy), unified policy was introduced in R80. @aestevez ?
I'm migrating configuration from ASA version 8.2 and I noticed that quite a lot of objects are doubled and also some rules are doubled. If I look at doubled objects 1 of them has 'default' under 'src File' coloumn and the other has config file name in that coloumn (filename matching the one i imported). I only imported this named config file....
reaper
on:
Preparing Exp Tool for Fortigate to PA migration
reaper
on:
Need to in Expedition tool from scrach
