Anyone know server sizing requirements for this? Minimum cpu, memory and storage?
Also, what is the recommended way to install?
I started by running the command
scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csvon my PA220.
root@Expedition:/PALogs# ls -l
total 64296
-rw-rw-r-- 1 expe
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW):
https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c
Be sure to go Settings > M. Learning > and change the Expedition ML Addr
...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini
sudo vi /etc/php/7.0/apache2/php.ini go to line where this ...
I ran into issues updating Expedition through my PAN Firewall running SSL decryption.
After a bit of troubleshooting there are two changes I needed to make on the expedition VM.
I've got a pretty straight forward ASA to Palo migration. I followed the guide step by step. Unused objects and invalid stuff has been removed. When I click on the merge button it stays in the pending state forever. (No error message or any other fee
...
Does Expedition actively use the following PALogs subdirs, or can I clean these out?
connections.parquet
sparkLocalDir
spark-warehouse
Basically, I am asking because I have a limited ammount of space and LOTS of logs being sent to the PALogs dir,
...
I am planning on using the migration tool to conver the config from pa500.
To do this once I get the same firmware on both the boxed do I also have to import the base config from the pa820 to the migration tool?
I also read somewhere something ab
...
I have several invalid address objects that were migrated with a name #.#.#.#/# and i want to replace the '/' with a '-' so that the name is valid, but the replace option is not functioning. The method was to right click and select predefined filters
...
I have run into two ASA pre 8.3 Problems.
1) importing a deny security rule that had a destination port of 445, was changed to be all tcp ports ( that would be a small problem =D)
2) Importing routes pointed to the inside with a vpn on the outside th
...
After upgrading to 1.0.105 I recieve an error that E: sub-process /usr/bin/dpkg returned an error code (1).
I also see the following error:
"No apport report written because MaxReports is reached already".
Any help would be appreciated.
Thanks,
Bob
I'm currently running 1.104 and tried the upgrde process as I always do before using Expedition. As of yesterday I recieve the following error:
Any help would be appreicated.
I'm importing my projects in both MT3.3 and Expedition 1.0.105.
Q? Why does MT3 import service objects using "_" underscore vs. Expedtion which uses "-" hyphens?
Q? Why does my services use underscores in Expedtion, yet, the objects in the serv
...
Warning if you use the test button next to an ldap server the userid and password are stored in clear text in /var/log/apache2/access.log since they are passed in the URL.
Example:
<IP> - - [19/Sep/2018:14:28:22 -0500] "GET /bin/authentication/ser
...
Hi,
I'm running Expedition 1.0.105 with BP rules version 3.2.0 and while the analysis in working some FW configs, I've got some other FW configs for which nothing happen. I'm, of course, able to import the config in the tool and browse it
but wh
...
There is currently no way to specifiy a prefix login attribute for binding to a ldap server. Our linux ldap server needs a DN along the lines of 'uid=<userid>,dc=<part1>,dc=<part2>' I can put the ',dc=<part1>,dc=<part2>' in the suffix but I have no w
...
Hi,
Any expert here can advice me if Expedition server support WebProxy setting? Some customer enviroment required to set webproxy setting so that the update will go through webproxy server. Not sure if Expedition support it?
Regards,
Joseph
I decided to start over after running into some self inflicted issues.
I downloaded the OVA provided by bartc88, upgraded it, remarked out the bind address in my.cnf, and rebooted. Dashboard is green. I configured all of my Panoramas and importe
...
When I am tcpdumping the connecting to an ldap server I can't see any differences between these two options from a quick look at the packet captures. What is the difference?
