09-05-2018 10:02 AM - edited 09-03-2019 11:59 AM
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW):
https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c
Be sure to go Settings > M. Learning > and change the Expedition ML Address address to your VM's IP.
Then return to the Dashboad and Start the Agent.
[UPDATE 6.4.2019]
Updated the OS and Expedition to 1.1.23.
There were a few new setting available with the upgrade, so a new directory /data was created and chowned to www-data.
There were resource alerts, so updated the /home/userSpace/environmentParameters.php file, so updated TotalCPUs to 2 and SparkRAM to 1592m. Moved image to S3. Note, image size has grown from allocated disk usage. I'll work on squeezing it down for the next release.
[UPDATE 2.22.2019]
I created a new OVA that is now at 1.1.6. All Ubuntu updates have been applied as well.
Permissions for the /datastore and /PALogs should work for all cases now.
VM Image was set to Version 10, so should work for VMware 5.5.
Made a change to /etc/default/grub and /etc/network/interfaces to always use eth0 instead of ensXXX.
Updated /home/expedition/update-expedition.sh to make upgrades easier.
SHA256 dad89cc3e2c031e70f548dab3bc96b84e0b2216593608dc09151159115463c65
[UPDATE 10.16.2018]
Updated Expedition to 1.0.106 and added all OS updates as well.
[UPDATE 9.18.2018]
It's been upgraded to 1.0.104, but you'll likely need to update it once installed. So just:
sudo apt-get update
sudo apt-get install expedition-beta
...or just use the update-expedition.sh script I created in the home directory.
I also fixed a couple of other issues:
Fixed the /PALogs directory permissions and updated the Parquet Path in the Machine Learning section. This fixes the "Parquet Path" error on the Dashboard.
Changed the "mysqli.reconnect" value in /etc/php/7.0/cli/php.ini to "On" to fix the mysqli.reconnect error on the Dashboard.
09-05-2018 01:28 PM
Let me just say that your timing is impeccable. I have been fighting to get the VM converted for esxi all day, trying to track down a Windows box I can use that has the right network access, enough disk space, admin rights, on and on. Roadblock after roadblock. Thank you.
09-11-2018 02:53 AM
Thank you for this ..
09-12-2018 04:08 PM - edited 09-12-2018 04:13 PM
I needed a version that could run on ESX 5.5, based on this KB: https://kb.vmware.com/s/article/1003746 , I needed HwVersion 10.
so I took Tobias' OVA and downgraded the Virtual Hardware Version to 10, while I was at it I updated Expedition to 1.0.104 and BPA to 3.2.0. This OVA should work with later version of ESX as well.
https://paloaltonetworks.box.com/s/mb3z1v50sw1c914z0q05gqm7y80b8w2x
Please test and let me know if any issues. I tested it on ESX 5.5 Update 3b build 3248547 (2015-12-08).
Expedition boots up with DHCP Client, so to get your currently assigned IP, log into the Console with Username: expedition Password: paloalto and use ifconfig to see your current IP.
then browse to https://<current IP> , and log in with Username: admin Password: paloalto
You should update it periodically. So just:
sudo apt-get update
sudo apt-get install expedition-beta
09-13-2018 02:45 PM
Dont forget to change the IP address in the Machine learning server address settings due to it being OP's IP of his ML Server.
09-18-2018 01:12 PM
I also had to do this from another thread:
/etc/mysql/my.cnf file:
bind-address = 127.0.0.1
That line should be commented out instead, like this:
#bind-address = 127.0.0.1
09-18-2018 01:14 PM - edited 09-18-2018 01:15 PM
I like using sudo nano to do this:
sudo nano /etc/mysql/my.cnf file:
--Press Cntrl+W to find "bind-address"
bind-address = 127.0.0.1
--Uncomment it as such:
#bind-address = 127.0.0.1
Cntrl +O to save it
Cntrl +X to exit, DONE!
09-19-2018 07:04 AM
Thank you so very much!!! I've spent 2 weeks trying to get the non-OVA to work. You are a lifesaver!
10-05-2018 02:39 PM
I had no ens33 interface so had to use "ip link" to realise it was ens34 because the VMX file had it as slot 34. Weird.
11-14-2018 08:32 AM
I have installed this ova on my vmworkstation 12.5 (windows) and get the below network error during boot. No network connectivity. Tried both vmxnet3 & e1000 with same results. Any idea's?
11-14-2018 10:24 AM
I've seen this in the past, it's the virtural nic name IIRC. There are a couple of ways to fix it, change all the names to the new nic name (ens160 or ens192, etc). I've added some kernel boot options in the past, too.
Have a look at this:
https://askubuntu.com/questions/824376/failed-to-start-raise-network-interfaces-after-upgrading-to-1...
Hope this helps!
01-09-2019 10:29 AM
This is aweomse, thanks! Any chance you could post the file-hash each time it's updated? Best assupmtion is that I just had a corrupt download but it would be nice to cross reference with the hash (downloaded twice today because the first one wasn't deploying in vmware due to a mismatch)
01-09-2019 10:34 AM
The hash is already part of the OVA. and Ova is a tar of .ovf, .vmdk, and .mf. the .mf is a plain text file that contain the hashes of the .ovf and .vmdk files, so it is internally validated. hence, the OVA is so much better than an OVF that requires manual hash validation. VMWare will warn you if you launch a corrupt OVA, but will not warn you if you try to launch a corrupt OVF/VMDK .
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
