Expedition 1.2.56 Hotfix Information

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
L4 Transporter
No ratings

Version 1.2.56 (Date Apr 3, 2023)

PACKAGE DOWNLOAD

  INFORMATION

Link

https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb

sha1sum

4e684985e887d87fa3bbcc570004c9ef9f835aa6

apt update
sudo apt-get update; sudo apt-get install expedition-beta
manual update cd /tmp;
wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb;
sudo dpkg -i expedition_1.2.56.all.deb;

CHANGELOG

Fixing below Bugs:

GENERAL:

  • [MT-2598] - Autozone feature was creating duplicate NAT rules in case resulting destination to zone contains more than 1 member. Expedition was not checking if the required clone NAT rules was already created on the project.

  • [MT-2602] - Installer - Remove warnings when unpacking the installer file.

FORTINET: 

  • [MT-2588] - Fortinet - NAT and VIP rules conversion issues:

    1) NAT with multi services. Expedition is now creating (not repeated) service_groups with all services defined and adding a log warning message.
    2) Converting VIP to: U-Turn and bidirectional static NAT. Note: SNAT and DNAT rules will be created disabled, so user can delete them after checking it.
    3) NAT getting and reading more than 1 TP Source.
    4) Removing PHP warnings found during execution on /tmp/error file (not defined variables, casting issues, ...).

CISCO:

  • [MT-2595] - CISCO - Avoid creating a zone without a name due to the cisco interface is not declaring any name (command no nameif)
  • [MT-2597] - CISCO - NAT policy. Missing to create an inbound nat rule when ACL is " nat (any,any) source static X X' destination static Y Y' "

CHECKPOINT R80+:

  • [MT-2599] - Checkpoint - Below interfaces issues when a policy contains lots of firewalls/gateways:

1) There was no option to tell Expedition which FW interfaces it should use, instead Expedition is getting all defined FW on the policy: Workaround: Created a script that given the export config and a list of Firewalls, it generates a new export config maintaining only the required firewalls (OS/scripts/checkpoint_r80_util_remove_gateways.php).

2) When reading duplicated interfaces by name but in different FW/gateway Expedition was only getting the last address. Currently we are getting all them.

  • [MT-2600] - Checkpoint - Sec rules defined on sub-policies with users were not exported properly.
Rate this article:
  • 1229 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎04-03-2023 02:16 AM
Updated by: