- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-17-2021 07:32 PM
Hi
I'm working on an SRX migration (first time) and in Expedition, all of the policies are locked (there are only Security policies in this situation). I need to tag all of the rules with a specific tag as I'm combining three firewall clusters into one (2 PANs sandwiching the SRX - I'm collapsing a 3-tier physical environment into a single firewall cluster). I need to mark the rules from the SRX as such since there will be duplication of rules. I can do it post-migration with PAN-OS-PHP since the zones are nearly all unique but I was hoping to do it in Expedition.
On a related note, when I try to add a tag, it just pops up the all/shared/vsys1 dropdown box next to the device XML name for the SRX.
Address/Address Groups/Service/Service Group objects are all editable but similarly I can't add any (I don't need to - just pointing it out).
And another item - remapping network interfaces: I can only remap them one at a time. Trying to do a bulk rename (they're all going from reth1 or reth2 to ae8 with the original sub-interface/VLAN tag ID). When I try I get the middle drop down box popping up with all or default_template14 listed. Interestingly, if I select default_template14 and then click the remap button with multiple selections I get a warning:
Please, select one, and only one, interface
Thanks!
11-18-2021 08:11 AM
If you can’t add objects and policy most likely you did not select the right context where the objects and policy located , try to switch to different vsys or contex on the lower right bottom . For remapping interface , you will have to do it one by one , if it’s interface with sub interface , you only need to remap on the main interface , the sub interfaces will auto remap.
11-18-2021 09:01 AM
Both "all" and "vsys1" have the same result for policies they're locked either way. Selecting vsys1 did allow me to add a tag, however.
Interestingly enough, even though the Policy | Security rules are locked, I was able to bulk add the tag I was able to created while vsys1 is selected.
So, I would consider that part resolved.
As far as network interfaces go, the main interface doesn't appear. Our SRX uses reth interfaces (redundant ethernet) instead of AEs or LAgs. There is a non-subinterface reth (e.g., reth0 vs. subinterface reth0.100) but the parent doesn't appear (in the same example, reth0 doesn't appear in the list of interfaces). This is true whether I choose any combo of middle drop-down box of all or default_template14 and right drop-down box of all, shared, or vsys1.
11-18-2021 09:12 AM
Not sure what version of expedition you are running , if it’s not latest version, I would suggest you do a upgrade first . If you still encounter issues , please send email to fwmigrate@paloaltonetworks.com
11-18-2021 09:30 AM
I updated last week to v1.2.2 and I see that it's showing an update is available. Let me give it a shot.
11-18-2021 10:24 AM
It didn't update much and still shows v1.2.2.
$ sudo apt-get update
Ign:2 https://conversionupdates.paloaltonetworks.com expedition-updates/ InRelease
Get:3 http://sgp1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu xenial InRelease [4,638 B]
Ign:4 https://conversionupdates.paloaltonetworks.com expedition-updates/ Release
Ign:1 https://www.rabbitmq.com/debian testing InRelease
Ign:6 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages.diff/Index
Ign:5 https://www.rabbitmq.com/debian testing Release
Hit:9 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:10 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Hit:12 http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial InRelease
Ign:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:7 https://www.rabbitmq.com/debian testing/main amd64 Packages.diff/Index
Ign:8 https://www.rabbitmq.com/debian testing/main i386 Packages.diff/Index
Ign:17 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:11 https://www.rabbitmq.com/debian testing/main all Packages
Get:19 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:20 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Hit:21 http://ppa.launchpad.net/deadsnakes/ppa/ubuntu xenial InRelease
Ign:18 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:17 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:11 https://www.rabbitmq.com/debian testing/main all Packages
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:20 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:18 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:17 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:11 https://www.rabbitmq.com/debian testing/main all Packages
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:20 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Get:22 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Ign:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:18 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:23 http://download.webmin.com/download/repository sarge InRelease
Ign:11 https://www.rabbitmq.com/debian testing/main all Packages
Hit:24 http://download.webmin.com/download/repository sarge Release
Ign:17 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Get:20 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages [910 B]
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:18 https://www.rabbitmq.com/debian testing/main i386 Packages
Get:26 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [2,049 kB]
Ign:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:11 https://www.rabbitmq.com/debian testing/main all Packages
Ign:17 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:14 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:18 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:17 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:11 https://www.rabbitmq.com/debian testing/main all Packages
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Err:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
404 OK
Ign:18 https://www.rabbitmq.com/debian testing/main i386 Packages
Get:27 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [1,525 kB]
Fetched 3,905 kB in 2s (1,451 kB/s)
Reading package lists... Done
W: The repository 'https://conversionupdates.paloaltonetworks.com expedition-updates/ Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://www.rabbitmq.com/debian testing Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages 404 OK
E: Some index files failed to download. They have been ignored, or old ones used instead.
$ sudo apt-get install expedition-beta
Reading package lists... Done
Building dependency tree
Reading state information... Done
expedition-beta is already the newest version (1.2.2).
0 upgraded, 0 newly installed, 0 to remove and 177 not upgraded.
$ sudo apt-get -y -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 177 not upgraded.
$ sudo apt-get autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 177 not upgraded.
11-18-2021 11:14 AM
Hello @justamoment
You are not updating expedition because your packages are not being updated as shown below there are a few errors.
W: The repository 'https://conversionupdates.paloaltonetworks.com expedition-updates/ Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://www.rabbitmq.com/debian testing Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages 404 OK
E: Some index files failed to download. They have been ignored, or old ones used instead.
We have a separate forum thread on the fix and you can refer to it here ( https://live.paloaltonetworks.com/t5/expedition-discussions/unable-to-update-expedition-quot-expedit... ) After running through these steps you should be able to update your expedition server to the latest version.
11-18-2021 11:35 AM
I replaced...
deb https://conversionupdates.paloaltonetworks.com/ expedition-updates/
...with...
deb [trusted=yes] https://conversionupdates.paloaltonetworks.com/ expedition-updates/
And reran it:
$ sudo apt-get update
Get:2 http://sgp1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu xenial InRelease [4,638 B]
Ign:3 https://conversionupdates.paloaltonetworks.com expedition-updates/ InRelease
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Ign:1 https://www.rabbitmq.com/debian testing InRelease
Ign:6 https://conversionupdates.paloaltonetworks.com expedition-updates/ Release
Ign:5 https://www.rabbitmq.com/debian testing Release
Ign:9 http://download.webmin.com/download/repository sarge InRelease
Ign:11 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages.diff/Index
Hit:12 http://download.webmin.com/download/repository sarge Release
Ign:7 https://www.rabbitmq.com/debian testing/main amd64 Packages.diff/Index
Hit:14 http://archive.ubuntu.com/ubuntu xenial InRelease
Ign:8 https://www.rabbitmq.com/debian testing/main i386 Packages.diff/Index
Ign:19 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:10 https://www.rabbitmq.com/debian testing/main all Packages
Hit:20 http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial InRelease
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:21 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Get:22 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:23 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:17 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:19 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:10 https://www.rabbitmq.com/debian testing/main all Packages
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:21 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Hit:24 http://ppa.launchpad.net/deadsnakes/ppa/ubuntu xenial InRelease
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:23 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:17 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:10 https://www.rabbitmq.com/debian testing/main all Packages
Ign:19 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:21 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:17 https://www.rabbitmq.com/debian testing/main i386 Packages
Get:25 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Ign:23 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:10 https://www.rabbitmq.com/debian testing/main all Packages
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:19 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:17 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:21 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:10 https://www.rabbitmq.com/debian testing/main all Packages
Get:26 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [2,049 kB]
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Hit:23 https://conversionupdates.paloaltonetworks.com expedition-updates/ Packages
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:19 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
Ign:17 https://www.rabbitmq.com/debian testing/main i386 Packages
Ign:21 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Ign:10 https://www.rabbitmq.com/debian testing/main all Packages
Ign:13 https://www.rabbitmq.com/debian testing/main Translation-en_US
Ign:19 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en_US
Ign:15 https://www.rabbitmq.com/debian testing/main Translation-en
Ign:21 https://conversionupdates.paloaltonetworks.com expedition-updates/ Translation-en
Err:16 https://www.rabbitmq.com/debian testing/main amd64 Packages
404 OK
Ign:17 https://www.rabbitmq.com/debian testing/main i386 Packages
Get:27 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [1,525 kB]
Fetched 3,904 kB in 2s (1,546 kB/s)
Reading package lists... Done
W: The repository 'http://www.rabbitmq.com/debian testing Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages 404 OK
E: Some index files failed to download. They have been ignored, or old ones used instead.
$ sudo apt-get install expedition-beta
Reading package lists... Done
Building dependency tree
Reading state information... Done
expedition-beta is already the newest version (1.2.2).
0 upgraded, 0 newly installed, 0 to remove and 177 not upgraded.
$ sudo apt-get -y -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 177 not upgraded.
$ sudo apt-get autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 177 not upgraded.
11-18-2021 12:23 PM
Hello @justamoment
You will need to also do this for rabbitmq which I believe is under the exrepo repo.
W: The repository 'http://www.rabbitmq.com/debian testing Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages 404 OK
E: Some index files failed to download. They have been ignored, or old ones used instead.
11-18-2021 01:17 PM
So, add this?
deb [trusted=yes] https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages/
11-18-2021 01:20 PM
Yes go ahead and add that to all repos within that folder path and then do an update.
11-18-2021 03:38 PM
Please bare with me - I'm quite the Linux neophyte.
I added...
deb [trusted=yes] https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages
to what was in the following repo files:
$ sudo vi /etc/apt/sources.list.d/adiscon-ubuntu-v8-stable-xenial.list
deb http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial main
# deb-src http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial main
deb [trusted=yes] https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages
$ sudo vi /etc/apt/sources.list.d/deadsnakes-ubuntu-ppa-xenial.list
deb http://ppa.launchpad.net/deadsnakes/ppa/ubuntu xenial main
# deb-src http://ppa.launchpad.net/deadsnakes/ppa/ubuntu xenial main
deb [trusted=yes] https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages
$ sudo vi /etc/apt/sources.list.d/ex-repo.list
deb [trusted=yes] https://conversionupdates.paloaltonetworks.com/ expedition-updates/
deb [trusted=yes] https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages
$ sudo vi /etc/apt/sources.list.d/rabbitmq.list
deb http://www.rabbitmq.com/debian/ testing main
deb [trusted=yes] https://www.rabbitmq.com/debian/dists/testing/main/binary-amd64/Packages
And then when I ran the first update command, I got this error:
$ sudo apt-get update
E: Malformed entry 3 in list file /etc/apt/sources.list.d/adiscon-ubuntu-v8-stable-xenial.list (Suite)
E: The list of sources could not be read.
I also tried it with only the last .list fie being updated per above and got the same error for that file.
11-27-2021 11:23 AM
Hi - just bumping this as I'm still unable to make any progress. Thanks!
11-27-2021 03:56 PM
I did some tinkering and I *think* I figured out what I was supposed to do although I'm still getting that 404 on rabbitmq.
I added [trusted=yes] to the existing lines:
I still got rabbitmq errors so I took what was written previously and modified that file:
While it looks better, there are still failures:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!