- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-31-2018 08:08 AM
I'm trying to run a BPA for one of my Panorama-managed devices. I got everything imported into the project, but the BPA never runs. The progress bar advances to "Done!" with no visible errors on the front-end, but Last Run stays at Never Analyzed. Checking the Apache error logs, it appears thta there's a missing executable (bpa-cli). Is this something we have to get separately?
05-31-2018 10:21 AM
Hi, we found an issue in new installations where the bpa was not properly updated, Please update your Expedition to 1.0.85.1 and try it again. Thanks
05-31-2018 10:21 AM
Hi, we found an issue in new installations where the bpa was not properly updated, Please update your Expedition to 1.0.85.1 and try it again. Thanks
05-31-2018 10:31 AM
Upgraded to 1.0.85.3 and the BPA is working now - thanks!. APT was/is complaining about the repo though.
Reading package lists... Done E: The repository 'https://conversionupdates.paloaltonetworks.com expedition-updates/ Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
I was able to work around it by disabling the checks but that's not ideal.
sudo apt -o Acquire::AllowInsecureRepositories=true \ > -o Acquire::AllowDowngradeToInsecureRepositories=true \ > update
05-31-2018 10:34 AM
We have to build a new repository with a stronger certificate, its a matter of time, its coming. Thanks
05-31-2018 03:58 PM
Thanks for this ! This solutions worked like charm. Looking forward to those new repos !
06-07-2018 11:36 AM
Hi,
Im having this issue with a specific config file, with others is working OK.
Looking at error.log in apache a get this:
Traceback (most recent call last):
File "/usr/local/bin/bpa-cli", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python3.5/dist-packages/best_practice_assessment_ngfw_pano/json/generate.py", line 274, in main
xml_config = XMLConfig.read_xml(args.xml)
File "/usr/local/lib/python3.5/dist-packages/best_practice_assessment_ngfw_pano/parser/xml_config.py", line 171, in read_xml
return cls(tree, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/best_practice_assessment_ngfw_pano/parser/xml_config.py", line 26, in __init__
self.version = float(next(iter(query.get_version(self.tree)), '0.0')[:3])
File "src/lxml/xpath.pxi", line 432, in lxml.etree.XPath.__call__
File "src/lxml/apihelpers.pxi", line 43, in lxml.etree._documentOrRaise
ValueError: Input object has no document: lxml.etree._ElementTree
Thanks for any help
06-10-2018 12:55 AM
Have you tried to upgrade to 1.0.88 and try it again?
06-12-2018 07:12 AM
Hi,
I just upgraded to 1.0.88, but I'm still getting no results with this specific config.
Thanks for your help.
06-18-2018 06:37 AM
Just for verifying, the VM you have was downloaded from here at live or you got the copy from another source? If was a different source please download and try the version its hosted here at live.
06-18-2018 12:38 PM
I downloaded the VM from live.
As I told you for other configurations I have tried it works ok, but there is a specific one that doesn't give results.
Thanks for your help,
06-25-2018 09:17 AM
It's working now with update 1.0.92 and the python update.
Thanks!
08-09-2018 09:08 AM
Any news about the new repo ?
Still having the following ssue in 2018 :
expedition@Expedition:~$ sudo apt-get update ... Reading package lists... Done W: The repository 'https://conversionupdates.paloaltonetworks.com expedition-updates/ Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. expedition@Expedition:~$ |
08-31-2018 05:10 PM
I'm not seeing any results in the BPA. I've tried with a Panorama XML as well as a running config from a connected device. The progress bar goes to "Done!" and I don't get any results.
Expedition version 1.0.103
BPA version is not showing anything
I've run apt-get update and install and still no luck.
09-03-2018 03:41 AM
Do you remember if after any expedition update you followed this instructions?
sudo bash /var/www/html/OS/BPA/updateBPA306.sh
Try to runnit from the cli if not.
09-10-2018 09:02 PM
I was able to get this running. I did the follwing:
expedition@Expedition:~$ sudo apt-get update
And I looked in the directory previously mentioned and found a zip:
expedition@Expedition:~$ cd /var/www/html/OS/BPA/ expedition@Expedition:/var/www/html/OS/BPA$ ls best_practice_assessment_ngfw_pano-master.zip
So I unzipped it:
expedition@Expedition:/var/www/html/OS/BPA$ sudo unzip best_practice_assessment_ngfw_pano-master.zip
Then cd to the directory and see the files:
expedition@Expedition:/var/www/html/OS/BPA$ cd best_practice_assessment_ngfw_pano-master/ expedition@Expedition:/var/www/html/OS/BPA/best_practice_assessment_ngfw_pano-master$ ls best_practice_assessment_ngfw_pano Dockerfile.test pytest.ini requirements.txt test-requirements.txt build.sh MANIFEST.in README.md setup.py VERSION
I read the README file and followed the "Clone method". Which is to use the pip command to install. I ran the following commands:
expedition@Expedition:/var/www/html/OS/BPA/best_practice_assessment_ngfw_pano-master$ cat README.md pip install -r requirements.txt ### a message warned me that I needed to upgrade pip sudo pip install --upgrade pip sudo pip install -e .
I went to the web UI and hit refresh and BAM! It worked.
I assumed this feature would be enabled by default, but I installed this in Fusion on my laptop and in the customer's environment after converting it with the VMware converter - both installs had the issue of not displaying BPA results after running the analysis.
I hope this helps.
Chris
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!