This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Expedition 1.2.56 Hotfix Information

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Expedition 1.2.56 Hotfix Information

dpuigdomenec
L4 Transporter

on ‎04-03-2023 02:16 AM

No ratings

Version 1.2.56 (Date Apr 3, 2023)

PACKAGE DOWNLOAD

  INFORMATION

Link

 https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb

sha1sum

4e684985e887d87fa3bbcc570004c9ef9f835aa6
apt update
 sudo apt-get update; sudo apt-get install expedition-beta
manual update cd /tmp;
wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb;
sudo dpkg -i expedition_1.2.56.all.deb;

CHANGELOG

Fixing below Bugs:

GENERAL:

  • [MT-2598] - Autozone feature was creating duplicate NAT rules in case resulting destination to zone contains more than 1 member. Expedition was not checking if the required clone NAT rules was already created on the project.

  • [MT-2602] - Installer - Remove warnings when unpacking the installer file.

FORTINET: 

  • [MT-2588] - Fortinet - NAT and VIP rules conversion issues:

    1) NAT with multi services. Expedition is now creating (not repeated) service_groups with all services defined and adding a log warning message.
    2) Converting VIP to: U-Turn and bidirectional static NAT. Note: SNAT and DNAT rules will be created disabled, so user can delete them after checking it.
    3) NAT getting and reading more than 1 TP Source.
    4) Removing PHP warnings found during execution on /tmp/error file (not defined variables, casting issues, ...).

CISCO:

  • [MT-2595] - CISCO - Avoid creating a zone without a name due to the cisco interface is not declaring any name (command no nameif)
  • [MT-2597] - CISCO - NAT policy. Missing to create an inbound nat rule when ACL is " nat (any,any) source static X X' destination static Y Y' "

CHECKPOINT R80+:

  • [MT-2599] - Checkpoint - Below interfaces issues when a policy contains lots of firewalls/gateways:

1) There was no option to tell Expedition which FW interfaces it should use, instead Expedition is getting all defined FW on the policy: Workaround: Created a script that given the export config and a list of Firewalls, it generates a new export config maintaining only the required firewalls (OS/scripts/checkpoint_r80_util_remove_gateways.php).

2) When reading duplicated interfaces by name but in different FW/gateway Expedition was only getting the last address. Currently we are getting all them.

  • [MT-2600] - Checkpoint - Sec rules defined on sub-policies with users were not exported properly.
Rate this article:
0 Likes Likes
  • 1228 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎04-03-2023 02:16 AM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks