HELP??? Expedition v1.2.88 always getting one invisible invalid Service so I can't export

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HELP??? Expedition v1.2.88 always getting one invisible invalid Service so I can't export

L1 Bithead

Hello!

 

I have been trying to migrate from Junos to a PA-5450 running PanOS v10.2.6 with Panorama v10.2.6-h3, although hopefully the version and model have nothing to do with this.

 

I keep ending up with a single hidden "invalid" Service.

 

I say "hidden" because when I click on the "1" saying I have an invalid service nothing shows.

 

After 10 or so iterations even working with my Resident Engineer, I realized that even when we just pull in the Palo configuration so that we can export to it, the Palo configuration has zero services or rules in it, and the only 3 services in Expedition are:

 

Eric_Troldahl_0-1715709065977.png

I still get a listing that says 1 invalid service.  These are predefined services that apparently Expedition creates for itself, but still marks one as invalid.  The only thing I can think is that it doesn't like "application-default" because of the port 0, but if it doesn't like it it shouldn't create it.

 

Does anyone know of a workaround? Some way to edit or fix or delete the invalid service?

 

I'm literally considering reinstalling the Ubuntu 16 .iso file and seeing if an older version is willing to play nice.  I'd try the Expedition v2 Beta, but I was warned both by someone in the Beta team and by my Resident Engineer that it "isn't really ready for production migrations" and I have 150+ Juniper Logical Systems to migrate to Palo.

 

Thanks,

Eric

 

3 REPLIES 3

L4 Transporter

Hi @Eric_Troldahl ,

 
Thanks for reaching out.
 
This is a bug and it will be fixed in the next release (1.2.89), ETA by the end of the week.
 
These 3 predefined services should not be listed as invalid ones:
  • application-default
  • service-http
  • service-https
Besides the Dashboard displaying the invalid service(s) you should be good to go with your Junos migration.
 
Is there any other issue you are having?
 
Best regards,
 
David

This is the only big issue I currently have.  I haven't been able to get an export, so I haven't been able to look at what comes in to Panorama from the load partial commands when I load in the addresses & groups, Services & groups, and Security Rules.

 

If you are saying that Expedition should still allow me to export, then yes, I am having an issue.  When I tried to copy from the left to the right pane in the Export Window, Security Rules flash momentarily on the right window and then disappear.  My resident engineer was relatively sure it was the invalid service that was stopping us from moving the data.

Regards,

Eric

 

L4 Transporter

Hi @Eric_Troldahl

The invalid services should not be the issue to get the export. Maybe there's another one.

To troubleshoot this issue:

1) Please make sure you are following the drag and drop mapping defined on the attached screenshots (FW and Panorama mappings).

2) After doing the drag and drop click on merge and check the file /tmp/error. If there's any error it will be included in this file.

3) Then execute the generate XML and set Output. Again check the file /tmp/error for any issue in the process.  

 

Let me know your findings and if needed we can jump into a quick call (request it using the fwmigrate@paloaltonetworks.com)

Hope this helps,

David

  • 1120 Views
  • 3 replies
  • 0 Likes
  • 77 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!