Anyone know server sizing requirements for this? Minimum cpu, memory and storage? Also, what is the recommended way to install?
I started by running the command scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csv on my PA220. root@Expedition:/PALogs# ls -ltotal 64296-rw-rw-r-- 1 expedition expedition 65830760 Aug 1 17:35 mltest.csvdrwxr-xr-x 2 www-data www-data 4096 Aug 1 ...
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW): https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c Be sure to go Settings > M. Learning > and change the Expedition ML Address address to your VM's IP. Then return to the Dashboad and Start the Agent. [UPDATE 6.4...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini sudo vi /etc/php/7.0/apache2/php.ini go to line where this variable is defined upload_max_filesize = 2M and replace by upload_max_filesize = 250M There...
We currently use Panorama to manage multiple firewalls across our organization. We have a Edge ASA Cluster we are needing to migrate over to an existing pair of Palo Alto Firewalls, managed by Panorama. I would like to only migrate over the Objects, Security Policies, and NAT rules, From the Cisco ASA config to the Panorama. I have impor...
Is there a Expedition "Key" anywhere that will tell you what each icon means? I am not sure what the spinning green check mark indicates, or non spinning green check mark means.
Hi everyone. I am really struggling to get Expedition working so I can use it to migrate setting from our existing firewall to new firewalls that will be managed by Panorama. I have deployed Ubuntu 20.04.* LTS Server (64-bits AMD) to an EXSi server followed the instructions on https://live.paloaltonetworks.com/t5/expedition-articles/expedition...
The imported config had an OSPF dynamic routing so some routes were not in routing table. Therefore zones aren't correct on some rules. I can add the routes from OSPF manually into VR in my Expedition project. But how do I force Expedition to re-populate zones throughout whole configuration, please?
I'm working on business unit segmentation projects so I have to identify rules affecting specific subnets and build a new policy. The policies are normally several thousand rules and sometimes over 15 thousand rules so the "Affects the IP" filter comes in very handy however I've noticed some behaviors which don't seem correct or maybe I'm not u...
how to create the Security Profile group in Expedition using Snippet
I am getting the following error when trying to scan my log folder on expedition "The '/PALogs/<firewall logs folder>' cannot be scanned. '." I am on version 1.1.101. I also am wondering if maybe my rsylog configuration is not right. The folders being created are created by root. I have no issues if I import files manually.
Hi, Im currently migrating a specific context of an ASA with version 9.6. The migrated rules reference the actual objects or any other network/service object group which name does not begin with "DM_INLINE". Is this as intended? im left with a lot of unused object groups named DM_INLINE that should probably get deleted if they are not refe...
When I used the "Unused" objects filter, it lists objects that are defined in rules and groups if there is no traffic, as well as objects that aren't used at all. We have some rules that are not used very often, but are still required, so the rules are listed as "unused" only because there has been no traffic for 30 days. Because of this, the ...
Dear All , I'm not able to access Expedition after I have installed it , I'm getting the following screen shot. Any idea how to solve this issue
Dear All, We want to migrate Cisco fire power 4000 series to Palo Alto NGFW. Could you please let me know the best way to do this migration? Thanks in advance! Best Regards, Muzammel Haque
Hello i have a question about the migration from forcepoint to paloalto network. Is there a link or documentation that explain step by step the migration.Forcepoint does not use uinterface or zone in its policies it just use source and destination address. Will expedition be aware to know the source zone and destination zone ? Cordially
I've embarked on my first FTD migration journey for a client and wanted to share my early [and tantalisingly promising] results. The customer is running NGFW Version 6.4.0.17 on FPR-2110 appliances. My exposure to FTD is on par with its popularity, so please bear with me. First thing to note is FTD (and FMC) is basically code running on Linux ...
Hi, Can Expedition migration Cisco Fire Power to Palo Alto? Thanks
Hi Team, I have an issue with Expedition tool. BPA does not give back any result, even though it reports that the analysis is done. Tool version is 1.2.84 (the same was for 1.2.83), best practices version is 3.33.0. Also tried to update python, but it did not help. Any hint, how to solve this issue? Thank you , Mihaly
reaper
on:
Preparing Exp Tool for Fortigate to PA migration
reaper
on:
Need to in Expedition tool from scrach
