Anyone know server sizing requirements for this? Minimum cpu, memory and storage? Also, what is the recommended way to install?
I started by running the command scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csv on my PA220. root@Expedition:/PALogs# ls -ltotal 64296-rw-rw-r-- 1 expedition expedition 65830760 Aug 1 17:35 mltest.csvdrwxr-xr-x 2 www-data www-data 4096 Aug 1 ...
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW): https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c Be sure to go Settings > M. Learning > and change the Expedition ML Address address to your VM's IP. Then return to the Dashboad and Start the Agent. [UPDATE 6.4...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini sudo vi /etc/php/7.0/apache2/php.ini go to line where this variable is defined upload_max_filesize = 2M and replace by upload_max_filesize = 250M There...
I've got a number of objects defined in my policy that have tags, and are used in Dynamic Address Groups. The DAGs are then used in the policy, from a policy standpoint, they work great. The issue that i'm running into is that Expedition thinks the objects are simply unused. Since I'm trying to delete unused objects this creates a large number o...
After a week of logs from a NGFW I tryed to ML rules from it and got a couple of "suspicious" rules, for example these two below: In these, as you can see, the source, destination and service are any. What is the threshold that makes Expedition consider an any on the src.ip ou dst.ip? Is there a way to get the full list of destinations? Th...
I have vm fusion on a mac and the vm disappeared, but I found it on the drive but all projects were gone. Is there an issue with vmware fusion on mac, are the project files recoverable? thanks
When i used the expedition tool to merge the asa config and base config from palo. The tool keeps saying pending untill it finally times out . When i log in again the merge file says ready. But when i download it , it has nothing but the base config and nothing new was merged to it.
Hi. Trying to applifie some rule with expedition, and prior to 1.0.107 this worked fine. What im doing is adding Device, and Creating a project. Importing the configuration. Choose a rule to applifie and Retrive Apps on selected rule. I can see the the applications in App-ID Via Log. After removing Unknown-tcp/udp i try and app reconciliation ...
Hi' Anyone know how to get Expedition to show project statistics for only one FW in a Panorama setup with several firewalls. I got a new migrated firewall imported into Panorama and now its time to clean up and do some (a lot) enrichment/adoption. But the project show statistics from the complete Panorama so that's useless. I know i can thoo...
Hi All, Any idea on how to retreve deleted project work on Expedition tool.
Does anyone know how to change the NTP settings in Expedition. For instance to point it to a local server?
Not sure if anyone else ran into this. ASA's security policies are built based on post-NAT rules (post 8.3 OS) With the tool, it builds the same rules with the post-NAT rules, private IP ... which will not work with PAN as the rule is built based on post-NAT, public IP. Is there an option in the tool to convert the IP to pre-NAT?
If you're looking to deploy Expedition into an ESXi environment you can use Fusion to convert the Expedition vmdk to an OVA format using the steps below. I am running Fusion ver 10.1.3 ________ YOU = Your username on your Mac To deploy the OVA in ESXi 6.0 and earlier you will need to explicitly choose the has as sha1 (default is sha256...
I noticed three checkpoint firewalls ina row that the interface IP's seem to reset to x.x.x.0 instead of .1 (or whatever it is) during migration and I did not see errors under monitor. really not a big deal tool works great otherwise just thought I would share in case I am missing something and someone has a better solution to avoid this. ...
My lab firewall runs PAN-OS 9 (beta) firmware. I noticed, that expedition won't handle the traffic logs from that unit due to changes in the output of the log. I'm not sure, where we are with support for PAN-OS 9 on expedition and wonder if somone possibly wrote script to "sanitize" logfiles.... Regards, Walter
Noticed that many rules with source ports defined are not migrated over. Instead, it creates a service only for the destination port/range and allows all ports through. Below are a few rules. Is it a known behavior? The first two allowed all udp and tcp ports > 1023 The third rule allowed all TCP ports access-list OUT2IN extended per...
We are in process of migrating ASA config to Palo Alto (multiple context asa to multiple vsys) Loading the config into Expedition works fine and we are able to remap interfaces and rename zones that are too long in characters. However, when loading the config into the firewall it is unable to link the interfaces to zones vsys -> vsys1 -&g...
Greetings, I have assigned 4 CPUs to my Expedition VM, verified by checking /proc/cpuinfo. When I log into Expedition, it reports 1 of 1 CPUs and CPU usafge is 101 of 100%. Can someone please explain this difference between what Expedition is reporting and what is actually provisioned?
reaper
on:
Preparing Exp Tool for Fortigate to PA migration
reaper
on:
Need to in Expedition tool from scrach
