Anyone know server sizing requirements for this? Minimum cpu, memory and storage? Also, what is the recommended way to install?
I started by running the command scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csv on my PA220. root@Expedition:/PALogs# ls -ltotal 64296-rw-rw-r-- 1 expedition expedition 65830760 Aug 1 17:35 mltest.csvdrwxr-xr-x 2 www-data www-data 4096 Aug 1 ...
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW): https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c Be sure to go Settings > M. Learning > and change the Expedition ML Address address to your VM's IP. Then return to the Dashboad and Start the Agent. [UPDATE 6.4...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini sudo vi /etc/php/7.0/apache2/php.ini go to line where this variable is defined upload_max_filesize = 2M and replace by upload_max_filesize = 250M There...
Static routes appear to not be able to be imported into CSV when using 1.0.106. Would someone please try and let me know if successful?
I have discovered that importing a Pre8.3 Config that has an interface dyanmic NAT (DNAT/PAT) causes the DNAT to be not an interface nat but a Translated Address NAT. I also made an earlier post on how these appear in the wrong order of operations (at the top) that no one has replied to. Also this problem will occur on dynamic NATs who's NAT is ...
I ran into issues updating Expedition through my PAN Firewall running SSL decryption. After a bit of troubleshooting there are two changes I needed to make on the expedition VM. Update cert file with your SSL Decrypt cert - This allows apt to trust your SSL decryption certificate Export the Root CA that signed your SSL cert in base64/PEM ...
I've got a pretty straight forward ASA to Palo migration. I followed the guide step by step. Unused objects and invalid stuff has been removed. When I click on the merge button it stays in the pending state forever. (No error message or any other feedback FWIW) So what logs can I check in the CLI to see where the merge gets stuck.
Does Expedition actively use the following PALogs subdirs, or can I clean these out? connections.parquet sparkLocalDir spark-warehouse Basically, I am asking because I have a limited ammount of space and LOTS of logs being sent to the PALogs dir, and I would like to set up something that can manage the free space by deleting the oldest files...
I am planning on using the migration tool to conver the config from pa500. To do this once I get the same firmware on both the boxed do I also have to import the base config from the pa820 to the migration tool? I also read somewhere something about the code versions on both the firmwares, how does the migration tool figure out the code vers...
I have several invalid address objects that were migrated with a name #.#.#.#/# and i want to replace the '/' with a '-' so that the name is valid, but the replace option is not functioning. The method was to right click and select predefined filters and 'Invalid Name' then going to Tools and trying the listed adjustment. Progress bar shows up t...
I have run into two ASA pre 8.3 Problems. 1) importing a deny security rule that had a destination port of 445, was changed to be all tcp ports ( that would be a small problem =D) 2) Importing routes pointed to the inside with a vpn on the outside that has a proxy ID (ACL with a remote destination) of the same inside route changed all of the sta...
After upgrading to 1.0.105 I recieve an error that E: sub-process /usr/bin/dpkg returned an error code (1). I also see the following error: "No apport report written because MaxReports is reached already". Any help would be appreciated. Thanks,Bob
I'm currently running 1.104 and tried the upgrde process as I always do before using Expedition. As of yesterday I recieve the following error: Any help would be appreicated.
I'm importing my projects in both MT3.3 and Expedition 1.0.105. Q? Why does MT3 import service objects using "_" underscore vs. Expedtion which uses "-" hyphens? Q? Why does my services use underscores in Expedtion, yet, the objects in the service group are converted with hyphens? Q? Why does Expedtion have so many duplicate objects and...
Warning if you use the test button next to an ldap server the userid and password are stored in clear text in /var/log/apache2/access.log since they are passed in the URL. Example: <IP> - - [19/Sep/2018:14:28:22 -0500] "GET /bin/authentication/servers/loginServers.php?_dc=1537385302801&id=1&type=LDAP&action=test&admin_us...
Hi, I'm running Expedition 1.0.105 with BP rules version 3.2.0 and while the analysis in working some FW configs, I've got some other FW configs for which nothing happen. I'm, of course, able to import the config in the tool and browse it but when I click on "Start Analysis", I see the progression bar but no result. Is there any special p...
There is currently no way to specifiy a prefix login attribute for binding to a ldap server. Our linux ldap server needs a DN along the lines of 'uid=<userid>,dc=<part1>,dc=<part2>' I can put the ',dc=<part1>,dc=<part2>' in the suffix but I have no way to force a prefix. Thanks
Hi, Any expert here can advice me if Expedition server support WebProxy setting? Some customer enviroment required to set webproxy setting so that the update will go through webproxy server. Not sure if Expedition support it? Regards, Joseph
reaper
on:
Preparing Exp Tool for Fortigate to PA migration
reaper
on:
Need to in Expedition tool from scrach
