Expedition 1.2.87 Hotfix Information


Version 1.2.87 (Date April 25, 2024)

PACKAGE DOWNLOAD INFORMATION

Link:
https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb

sha1sum:
3000ff8ca1bea84096e960aac059f277b8a7935c

apt update:
sudo apt-get update; sudo apt-get install expedition-beta

manual update:
cd /tmp;
wget https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb;
sudo dpkg -i expedition_1.2.87.all.deb;
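
The manual update above installs the package without checking it against the published sha1sum. The following is an added example, not part of the original release notes, that downloads into a temporary directory and runs dpkg only if the digest matches; the function names and the --install argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: URL and digest are copied from the PACKAGE DOWNLOAD section.
PKG_URL="https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb"
PKG_SHA1="3000ff8ca1bea84096e960aac059f277b8a7935c"

# verify_sha1 FILE EXPECTED_HEX   (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 on a malformed digest or unreadable file.
# A match detects a corrupted, truncated or swapped download; it is not a signature.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A SHA-1 digest is exactly 40 hex characters; reject anything else.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "malformed digest" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(sha1sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "sha1 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# install_verified   (hypothetical helper name)
# Downloads into a private temp dir instead of a shared /tmp path,
# verifies the digest, and only then hands the file to dpkg.
install_verified() {
    workdir=$(mktemp -d) || return 2
    deb="$workdir/${PKG_URL##*/}"
    wget -q -O "$deb" "$PKG_URL" || { rm -rf "$workdir"; return 2; }
    if verify_sha1 "$deb" "$PKG_SHA1"; then
        sudo dpkg -i "$deb"; rc=$?
    else
        rc=1
    fi
    rm -rf "$workdir"
    return $rc
}

# Only touch the network and dpkg when explicitly asked to.
if [ "${1:-}" = "--install" ]; then
    install_verified
fi
```

Run it as `sh script.sh --install`; a non-zero exit status means the package was not installed.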

CHANGELOG

This release fixes the bugs listed below. These updates and fixes aim to improve the performance and functionality of the tool and parsers.

Tool:

  • Rule Merge: Prevents merging of rules with "url_category" set to both "any" and a specific value.
  • Fixed UI issue displaying assigned logs/warnings for addresses in the warning tab.
  • Improved UI to show NAT matched security rules.
  • Optimized grouping of members in a group with over 500 members for better performance.
  • Added new filter to identify not_ghost_objects for easier duplicate detection.
  • Updated filters to include services with port >=65535 and invalid addresses in the invalid filters.
  • Added script sample to replace rule names with descriptions (/var/www/html/Os/scripts/renameSecurityRule.php).
  • Added script sample to create JSON or CSV file containing objects from a security rule (/var/www/html/Os/scripts/get_objects_from_rules.php).

Installer:

  • Fixed Erlang repository to support versions > 25.
  • Corrected command to add Expedition to www-data group.

Parsers:

FORTINET

  • Enhanced monitor/log to display more information during migration.
  • Resolved issue with creating services that start with "-".
  • Log now appears in the warning tab for easier access when viewing NAT rules.
  • When reading an FQDN containing "*" (reference used to implement this change: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRfCAK), the parser will:
    1) Create the FQDN without the "*" and log an error.
    2) Show the FQDN as invalid in the filters.

CISCO

  • Added warning for crypto maps without defined gateway (peer).
  • Identified and marked services not properly recognized in CISCO configuration and attached corresponding error for display in the warning tab.
  • Improved NAT rules logic to auto create inbound rules instead of bidirectional ones when applicable.
  • DNAT ports are only added if no translation is detected.

CHECKPOINT

  • Fixed issue with static routes mapped to bond interfaces ending with 0.
  • Enhanced monitor/log to provide more information when reading FQDNs with "*".

PALOALTO

  • Resolved PHP warnings during configuration import.
Last Updated: 04-25-2024 03:26 AM