Anyone know server sizing requirements for this? Minimum cpu, memory and storage?
Also, what is the recommended way to install?
I started by running the command
scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csvon my PA220.
root@Expedition:/PALogs# ls -l
total 64296
-rw-rw-r-- 1 expe
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW):
https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c
Be sure to go Settings > M. Learning > and change the Expedition ML Addr
...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini
sudo vi /etc/php/7.0/apache2/php.ini go to line where this ...
Does anyone know how to change the NTP settings in Expedition. For instance to point it to a local server?
Not sure if anyone else ran into this.
ASA's security policies are built based on post-NAT rules (post 8.3 OS)
With the tool, it builds the same rules with the post-NAT rules, private IP ... which will not work with PAN as the rule is built based
...
If you're looking to deploy Expedition into an ESXi environment you can use Fusion to convert the Expedition vmdk to an OVA format using the steps below.
I am running Fusion ver 10.1.3
________
YOU = Your username on your Mac
To deploy the
...
I noticed three checkpoint firewalls ina row that the interface IP's seem to reset to x.x.x.0 instead of .1 (or whatever it is) during migration and I did not see errors under monitor.
really not a big deal tool works great otherwise just though
...
My lab firewall runs PAN-OS 9 (beta) firmware. I noticed, that expedition won't handle the traffic logs from that unit due to changes in the output of the log.
I'm not sure, where we are with support for PAN-OS 9 on expedition and wonder if somone p
...
Noticed that many rules with source ports defined are not migrated over.
Instead, it creates a service only for the destination port/range and allows all ports through.
Below are a few rules. Is it a known behavior?
The first two allowed all u
...
We are in process of migrating ASA config to Palo Alto (multiple context asa to multiple vsys)
Loading the config into Expedition works fine and we are able to remap interfaces and rename zones that are too long in characters. However, when loading
...
Greetings,
I have assigned 4 CPUs to my Expedition VM, verified by checking /proc/cpuinfo.
When I log into Expedition, it reports 1 of 1 CPUs and CPU usafge is 101 of 100%.
Can someone please explain this difference between what Expedition is repor
...
I have a problem with Rule Enrichment.
The error_SecRulesEnrich gives these messages after analysing the data from a rule which has a lot of data (at least by APP-ID):
I am connected to a firewall, and i can analyse in Expedition the applica
...
We have quite a few Invalid Services. The only way to remove them is to remove all Unused Objects.
Is there a way to just remove the Invalid Services without having to remove all Unused Objects.
Looked in the ASA config and for the most part, the
...
Is it possible to derive the progress of changes over time in Best Pratices? Of course I would like to see the changes over time like we can do in online BPA.
How does the Best Practice remediate function work? I cannot find any documentation. Do I have to select the specific option in the template first or will Expedition/BP remediate all the rd x-ed optioons without asking?
While using Remediate and ch
...
Converting from ASA to PAN.
Is there a way to apply a Security Profile Group to a large # of security policies. One can only create a snippet for the individual profiles but not for a group. Tried to edit the policy itself and manually add a group
...
I think that Expedition is reporting storage incorrectly: both /home/userSpace and /temp are stated as using 58.9% of unit space. Also, how do I delete App-ID logs?
Am trying to run BPA from Expedition against a PAN baseline config.
Imported the config and clicked on Start Analysis from the Dashboard.
It says it is complete, but is 0% for everything.
There is no content/results in the Analysis, Security P
...
