Expedition 1.2.56 Hotfix Information

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
L4 Transporter
No ratings

Version 1.2.56 (Date Apr 3, 2023)

PACKAGE DOWNLOAD

  INFORMATION

Link

https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb

sha1sum

4e684985e887d87fa3bbcc570004c9ef9f835aa6

apt update
sudo apt-get update; sudo apt-get install expedition-beta
manual update cd /tmp;
wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb;
sudo dpkg -i expedition_1.2.56.all.deb;

CHANGELOG

Fixing below Bugs:

GENERAL:

  • [MT-2598] - Autozone feature was creating duplicate NAT rules in case resulting destination to zone contains more than 1 member. Expedition was not checking if the required clone NAT rules was already created on the project.

  • [MT-2602] - Installer - Remove warnings when unpacking the installer file.

FORTINET: 

  • [MT-2588] - Fortinet - NAT and VIP rules conversion issues:

    1) NAT with multi services. Expedition is now creating (not repeated) service_groups with all services defined and adding a log warning message.
    2) Converting VIP to: U-Turn and bidirectional static NAT. Note: SNAT and DNAT rules will be created disabled, so user can delete them after checking it.
    3) NAT getting and reading more than 1 TP Source.
    4) Removing PHP warnings found during execution on /tmp/error file (not defined variables, casting issues, ...).

CISCO:

  • [MT-2595] - CISCO - Avoid creating a zone without a name due to the cisco interface is not declaring any name (command no nameif)
  • [MT-2597] - CISCO - NAT policy. Missing to create an inbound nat rule when ACL is " nat (any,any) source static X X' destination static Y Y' "

CHECKPOINT R80+:

  • [MT-2599] - Checkpoint - Below interfaces issues when a policy contains lots of firewalls/gateways:

1) There was no option to tell Expedition which FW interfaces it should use, instead Expedition is getting all defined FW on the policy: Workaround: Created a script that given the export config and a list of Firewalls, it generates a new export config maintaining only the required firewalls (OS/scripts/checkpoint_r80_util_remove_gateways.php).

2) When reading duplicated interfaces by name but in different FW/gateway Expedition was only getting the last address. Currently we are getting all them.

  • [MT-2600] - Checkpoint - Sec rules defined on sub-policies with users were not exported properly.
Rate this article:
  • 962 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎04-03-2023 02:16 AM
Updated by: