Expedition 1.2.42 Hotfix Information


Version 1.2.42 (Date Nov 8, 2022)

PACKAGE DOWNLOAD INFORMATION

Link:
https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.42.all.deb

sha1sum:
a2a74efc375a0533378c2aef995a2d1ab0d45173

apt update:
sudo apt-get update; sudo apt-get install expedition-beta

manual update:
cd /tmp;
wget https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.42.all.deb;
sudo dpkg -i expedition_1.2.42.all.deb;

 

CHANGELOG

Improvements

  • MT-2504 - FORTINET - Expedition expected policies to be defined in the section "config firewall policy", but the new Fortinet version ALSO contains policies in the section "config firewall security-policy". Added support for reading both sections, as Fortinet could have policies defined in both of them.

Bug

  • MT-2501 - STONESOFT - Reading address objects of type domain_name twice. Expedition is creating duplicate entries for address objects typed as domain_name, resulting in duplicated address objects by name.
  • MT-2500/MT-2493/MT-2502: CISCO NAT issues:
  1. A NAT rule with an address group as original source and a single address as translated source could not be defined as static-ip; instead, the NAT rule is defined as dynamic-ip-and-port.
    Example: nat (in, out) source static Network-Group Network-address destination static Network-Destination Network-Destination
  2. In a NAT rule, address groups named DM_INLINE* that are used as source, destination, translated source or translated destination are replaced by their address members.
  3. A NAT rule with an address group as original source and an address group as translated source having different names BUT with the same members is considered a no source NAT.
    Example:
    object-group network DM_INLINE_NETWORK_1
    network-object object 1.2.2.2
    network-object object 1.1.1.1
    object-group network DM_INLINE_NETWORK_2
    network-object object 1.2.2.2
    network-object object 1.1.1.1
    nat (in, out) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_2 destination static Network-Destination Network-Destination
  4. A NAT rule with the same original and translated destination (without port translation) is not considered a DNAT rule; the translated destination is also set to none.
    Example: nat (in, out) source static Original-Source TP-Source destination static Network-Destination Network-Destination
  5. A NAT rule with a bidirectional source translation and a destination translation (original and translated destination are NOT the same) is created as a NAT rule in Expedition with a Monitor log and the bidirectional flag disabled.
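
An added example, not Expedition's code and not part of the original article: a Python script that scans a Cisco configuration for static NAT rules matching cases 3 and 4 above, so those rules can be checked by hand after conversion. It assumes only the object-group and nat syntax shown in the examples; the function names and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample config; it uses only the syntax from the changelog examples.
SAMPLE_CONFIG = """\
object-group network DM_INLINE_NETWORK_1
 network-object object 1.2.2.2
 network-object object 1.1.1.1
object-group network DM_INLINE_NETWORK_2
 network-object object 1.1.1.1
 network-object object 1.2.2.2
nat (in, out) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_2 destination static Network-Destination Network-Destination
nat (in, out) source static Original-Source TP-Source destination static Network-Destination Network-Destination
"""

GROUP_RE = re.compile(r"^object-group network (\S+)$")
MEMBER_RE = re.compile(r"^network-object object (\S+)$")
NAT_RE = re.compile(r"^nat \(\S+?,\s*\S+?\) source static (\S+) (\S+)"
                    r"(?: destination static (\S+) (\S+))?")

def parse_groups(config):
    """Map each object-group name to the frozenset of its member objects."""
    groups, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := GROUP_RE.match(line):
            current = m.group(1)
            groups[current] = set()
        elif (m := MEMBER_RE.match(line)) and current is not None:
            groups[current].add(m.group(1))
        else:
            current = None  # any other line closes the open group block
    return {name: frozenset(members) for name, members in groups.items()}

def review_nat_rules(config):
    """Flag static NAT rules that match case 3 or case 4 of the changelog."""
    groups, findings = parse_groups(config), []
    for line in map(str.strip, config.splitlines()):
        if not (m := NAT_RE.match(line)):
            continue
        src, xsrc, dst, xdst = m.groups()
        findings.append({
            "rule": line,
            # Case 3: differently named source groups with identical members.
            "same_member_source": src != xsrc and src in groups and groups[src] == groups.get(xsrc),
            # Case 4: original and translated destination are the same object.
            "identity_destination": dst is not None and dst == xdst,
        })
    return findings

if __name__ == "__main__":
    print(*review_nat_rules(SAMPLE_CONFIG), sep="\n")
```

Member order inside a group is ignored, so the two DM_INLINE groups in the sample compare as equal even though their members are listed in a different order.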
Last Updated: 11-08-2022 01:17 AM