Expedition 2.0 Features suggestions

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Expedition 2.0 Features suggestions

L6 Presenter

Hi Expedition Live Community users, 

Expedition Developer team is in process of developing Expedition 2.0 and would like to hear your feedback.  Here is a brief overview of the new Expedition 2.0

Expedition 2.0 contains major features in previous version, and added below new features:

  • Brand new Web GUI
  • API enabled
    • Support automated workflows
    • Opportunity to create your own automation Library
    • Provides an automatable interface to Expedition’s configuration capabilities.
  • Enhanced Migration features
  • Automated “invalid object”-related fixes in Migrations
  • Auto validate configuration error and provide Wizard for auto remediation

We would love to hear your feedback on what you would like to see in expedition 2.0 !  Please provide us with feature requests in below format so we can all help make Expedition a better more useful tool to the community!  Thank you!! 


Feature Request  Title:


Current Use Case:


Suggested Idea:


Impact on Client(s): ( on scale of 1-5,  5 being the highest)


Priority: (on scale of 1-5, 5 being the highest)


L0 Member



I would like to request a feature to be added to Expedition to have the same abilities and actions (Merge/Filter/Used/Unused & etc...) on security profiles, as it has on other objects like address and service.


Thank you!

L0 Member

Better alignment with BPA results between Customer Success BPA and Expedition BPA


In past engagements I have used both the Customer Success teams BPA and the BPA tools inside of Expedition. My biggest frustration with using Expedition for a BPA is the results are not evaluated the same way as the CS-BPA so you can't easily interrelate the findings between the 2 tools. If the results could be more aligned, the customer could be shown how to use expedition to do the heavy lifting on building the overall transformation scores so when they return to the CS-BPA they will have predictable results.


Just saying, if anyone is listening

Just the facts mam... just the facts

L1 Bithead

Hello guys!

I would like to ask for two features:
1 - Validation of configuration before it has been exported.

2 - VPN Migration: Migrate both VPNs (from other brands) phase-I and phase-II and their respective virtual interfaces.




can you please explain both parts a little bit more closure:

1) what is your exact expectation?

2) do you have an explicit vendor in mind? or is this a general request?

Of course @swaschkut .

1 - It could be great if we can validate the configuration before export it from the Expedition, because when we import the XML file to the PA, sometimes there are a lot of errors, for example: Bad tags, bad data in router module, bad objects in general.

So, if we can validate the XML before export it, we can do these changes in the Expedition and then, validate it again and export it only when we are sure the file will work well in the PA.


2 - For Fortigate, for example. The 60% of migration that I do, are from Fortigates with multiples VPNs.


Tell if you want more details.

L1 Bithead

It would be nice to be able to see rule shadowing  in Expedition. I usually take the config into the firewall and do a validate commit to see shadows, and then go back into Expedition to  fix the rules.


It would also be helpful if all of the items that can be auto remediated in the BPA were  in a filter so you could fix those things first without searching through all of the BPA results and trying each item.

Hi Team,


I'm an SE and we have a lot of customer who are looking for :


1) VPN Migration for Phase 1 and 2

2) Better Integration in Panorama, it's not very simple to merge multiple firewall into panorama with shared object already existing. Do you think we can have a merge feature ? the goal is to create a project with multiple firewall and 1 panorama. the project will replace all object with the same value and help us to attach the different firewall to the panorama.

3) for the ML we have a created an ELK (docker format) and i will be curious if we can use it with Expedition to have a continious ML without important CSV (limited line) and bypass the syslog feature who have some limit too. for your information we can have some statistic for GP/Threat/System/Traffic with all version ! (for GP we parse the system event before the version 9.1)

Hi Team,


If you can add Stormshield firewalls to the list that will be great ! Migration Stormshield>Palo Alto are really bloody hell by translating manually the rules XD


Many thanks 

Hi @draynal ,


the option 2 is already present in Expedition 1.1.x. Just right click on all the objects and set merge by "name and value" or by name, or the option you find required.

It will calculate even if the resulting merged object should be moved to a higher DG so it offers visibility to all the beneath DGs where the merged objects were in use.


Regarding option 3, we already offer support with Splunk, but we have not initiated support for ELK. We will have to check in the future our plans to include more options

L1 Bithead

Feature Request  Title:

Shadows rules tuning

Current Use Case:


Suggested Idea:

Automatically fix hidden rules

Impact on Client(s): ( on scale of 1-5,  5 being the highest)


Priority: (on scale of 1-5, 5 being the highest)


  • 10 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!