Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Expedition Release Notes for Hotfixes

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
L7 Applicator
100% helpful (9/9)

Release Notes:

Version 1.1.90
Hash: sha1sum : 40c7508270bfd9d4e1d0e1a459cb00cddb38d732

Date 29/01/2021

Bug

  • [MT-1960] CISCO Firepower. Support for advanced trust rules
  • [MT-1961] CISCO Firepower. Do not recalculate Zones on Security Rules

 

Version 1.1.89

Hash: sha1sum : cedb1d25e01088b44a7a9dac3344b972b5446ed6

Date 15/12/2020

Bug

  • SCREENOS. Service timeout migration corrected

 

Version 1.1.88

Hash: sha1sum : de8ee5d3bc9a8d31571074c921b2abc1fe0fa809

Date 29/11/2020

Improvement

  • Filters. Support for identifying Security Rules that affect a certain IP, Range or Network

 

Version 1.1.87

Hash: sha1sum : c97cef81f4bfef2a46494ff3b8d094b5f6bd3314

Date 17/11/2020

Bug

  • Routes are incorrectly calculated affecting Autozone calculations. Bug introduced n 1.1.86

 

Version 1.1.86

Hash: sha1sum : 75a5cca15bda504db9766e65f9a741dff8c7a26f

Date 12/11/2020

Bug

  • [MT-1922] - Duplicate Address objects created with different values for CiscoASA migration. Crypto FQDNs presented as address objects
  • [MT-1923] - Some Security Rules missing "Checkpoint Target" field
  • [MT-1928] - Checkpoint R80 FQDN object support
  • [MT-1938] - Expedition Bug - Cisco ASA ipv4/ipv6 dual stack
  • [MT-1939] - Generate API request in subatomic mode stuck at "Log settings:vsys:shared". globalprotect profiles failure
  • [MT-1940] - Checkpoint. Address objects withIPv4 and IPv6 get duplicated

 

Version 1.1.85

Date 04/11/2020

Bug

  • [MT-1934] - Tag object API call is not generated in the API requests.

Version 1.1.84

Date 28/10/2020

  • Removed invalid line when calling tools.
  • Update for unique Expedition ID
  • CURL handling for large API calls on PANOS 9.1 and later

 

Version 1.1.83

Date 22/10/2020

Bug

  • [MT-1846] - API calls to push address objects back to Panorama 9.1.2 (probably on 9.0.8) produce "Invalid target object in edit handler"
  • [MT-1886] - NAT policy showing address object as "null" after merging address objects by value.
  • [MT-1906] - Checkpoint Migration missing Interface, vr and zone info
  • [MT-1913] - Panorama import creating duplicate interfaces - import issues

 

Version 1.1.82, 1.1.82.1, 1.1.82.2

Date 02/10/2020

Bug

  • [MT-1907] - Disabled IPSEC Tunnels not showing "disabled" when imported
  • [MT-1912] - SRX. Duplicated address objects when exists as global address object
  • [MT-1914] - ScreenOs. Incorrect reference of multi-protocol objects
  • [MT-1915] - Bulk Zone: Issue deleting zones
  • [MT-1916] - Bulk Zone: Issue adding zones to rules without zones

 

Version 1.1.81

Date 17/09/2020

Bug

  • [MT-1886] - NAT policy showing address object as "null" after merging address objects by value.
  • [MT-1893] - Checkpoint service-group objects imported as service-objects
  • [MT-1908] - ReportName Got Truncated after Panorama config export from Expedition

 

Version 1.1.80

Date 24/08/2020

Update

  • Updated Terms and Conditions

Version 1.1.79, 1.1.79.1

Date 14/08/2020, 18/08/2020

Bug

  • [MT-1892] - CHECKPOINT >R80. Services lost in security policies

New Feature

  • [MT-1890] - CSV Files. Support for PANOS 10.0

Improvement

  • [MT-1891] - Description: Support for (, { and [ elements

 

Version 1.1.78

Date 13/08/2020

Improvement

  • [MT-1885] - Checkpoint. In-line policies are missing

 

Version 1.1.77

Date 07/08/2020

Bug

  • [MT-1834] - Expedition GUI Hangs when click on "Unused" address objects from Dashboard
  • [[MT-1869] - Dashboard-NaN value shows in Unused and Ghost counts of Tag object
  • [MT-1877] - Unable to reference shared objects in vsys NAT rules
  • [MT-1882] - Security, NAT rules and interfaces missing when parse Juniper SRX nested group config

Improvement

  • [MT-1840] - BPA AutoRemediation on Template
  • [MT-1881] - CHECKPOINT. Include security rule target device for >R80

 

Version 1.1.76, 1.1.76.1

Date 03/08/2020

Bug

  • [MT-1797] - Dashboard-Showing all address objects are unused.
  • [MT-1876] - SRX. Zones missing in global policy

 

Version 1.1.75

Date 27/07/2020

Bug

  • [MT-1868] -Autozone. Issues when interface names are shared accross multiple VR

 

Version 1.1.74

Date 14/07/2020

Bug

  • [MT-1859] - SRX. Tunnels without vlan-id miss the tag
  • [MT-1861] - SRX. Address objects with invalid names in NAT rules
  • [MT-1862] - SRX. st0 Tunnel interfaces loaded as ethernet
  • [MT-1863] - SRX. vr1 takes more interfaces than it should
  • [MT-1864] - SRX. Load lo0 interface as loopback
  • [MT-1866] - ML Settings. Timezone issues
  • [MT-1867] - Snapshots. Limit to 5 automatic snapshots

 

Version 1.1.73

Date 06/07/2020

Bug

  • [MT-1854] - Import Project. Update Project DB after import
  • [MT-1855] - CHECKPOINT. Missing interfaces and routes in <R80

 

Version 1.1.72

Date 03/07/2020

Bug

  • [MT-1851] - CISCO. Zones get reassigned on new import
  • [MT-1852] - CISCO. Support address groups descriptions

Improvement

  • [MT-1847] - Cisco ASA remarks contain ";" , the ";" is missing in the description after convert

Version 1.1.71

Date 26/06/2020

Bug

  • [MT-1825] - Older CP Import not working v77.30 on Exp 1.1.69.3
  • [MT-1832] - Cisco ASA. Remarks are populated into wrong ACLs
  • [MT-1843] - CISCO. Issue with IPv6 with CIDR

New Feature

  • [MT-1831] - CleanUp Objects. Script to merge address objects in background
  • [MT-1844] - CISCO. Support for service timeouts

 

Version 1.1.70

Date 12/06/2020

Bug

  • [MT-1782] - Expedition - Unable to properly schedule daily import of machine logs
  • [MT-1798] - Older Checkpoint Import not working v77.30 - Rulebase not importing
  • [MT-1817] - BPA-Best Practice Adoption Pi-Chart does not reflect the correct adoption rate
  • [MT-1820] - Expedition predefined service-http object issue
  • [MT-1830] - CSV Files. Error importing logs from Splunk (CurlConnect)
  • [MT-1836] - BPA. Update radar view
  • [MT-1837] - CISCO NAT after-auto. Some rules were not correctly considered as after-auto, but placed as before-auto

Improvement

  • [MT-1814] - HealthCheck. Check PIP dependencies are installed
  • [MT-1835] - Delete Duplicated. Improve SQL calculations for object-reference updates

 

Version 1.1.69, 1.1.69.1, 1.1.69.2, 1.1.69.3

Date 28/05/2020, 05/06/202

Bug

  • [MT-1768] - BPA-Auto Remediate does not work
  • [MT-1811] - Clone NAT. Updates have a larger scope than they should
  • [MT-1812] - Checkpoint. Delete temporary files
  • [MT-1813] - Autozone. Limit the calculations to the given vsys
  • Checkpoint R80 parser does not complete. Parser not closed correctly

New Feature

  • [MT-1660] - CSV Logs. Read traffic logs rom Splunk
  • [MT-1795] - RE / ML. Offer thresholds for traffic filtering
  • [MT-1800] - API Calls. Improve feedback error message
  • [MT-1801] - HealthCheck. Check APT frozen packages

Task

  • [MT-1757] - M.Learning setting- Expedition ML Address probably not being saved on the fresh installed Expedition

Improvement

  • [MT-1794] - Checkpoint. Support for routing table per rulebase
  • [MT-1805] - CSV Logs. Splunk: Use earliest and latest options

 

Version 1.1.68

Date 28/04/2020

Bug

  • [MT-1780] - Config Import. Invalid Version error

Improvement

  • [MT-1671] - VPN Warnings. Provide Warning feedback
  • [MT-1770] - CISCO. IPSec Tunels missing ProxyIDs
  • [MT-1771] - Update Message. Improve message to assist Expedition Update

 

Version 1.1.67

Date 23/04/2020

Bug

  • [MT-1764] -Download Config. Unable to pull running config from Panos 8.1.14, 9.1.2

 

Version 1.1.66

Date 16/04/2020

Bug

  • [MT-1747] - Network -> Interface Goes up only to EthernetX/24 does not support ExternetX/25-28
  • [MT-1759] - Checkpoint. Address with netmask not convertible to CIDR
  • [MT-1761] - ASA Conversion - Security Policies Do Not Convert
  • [MT-1765] - Remap Interface. Sets interface as blank

New Feature

  • [MT-1750] - Export. Allow filtering subatomic API calls with commas
  • [MT-1751] - Export. Allow filtering subatomic API calls by device group

Improvement

  • [MT-1756] - Export. Filter by API response code
  • [MT-1762] - HealthCheck. Unused accounts

 

Version 1.1.65

Date 02/04/2020

Bug

  • [MT-1628] - Export: generated api with Mega doesnt work
  • [MT-1639] - Virtual Router: on RIP there are interfaces and they are not being read
  • [MT-1755] - Radius LDAP. Failing to test

New Feature

  • [MT-1742] - CSV Logs. Allow override AfterProcess from Panorama
  • [MT-1749] - Bulk Change. Append Description all rules (as include)
  • [MT-1753] - Palo Alto Networks. Slow import of Routes with objects
  • [MT-1754] - CSV Autoprocess. Compress/Delete second and later files Override by Panorama

Improvement

  • [MT-1745] - Add Description to security policy Bulk Change function

 

Version 1.1.64

Date 25/03/2020

Bug

  • [MT-1729] - Add version 9.2 to the getVersion function
  • [MT-1739] - Error when to click save on address object

Improvement

  • [MT-1692] - Palo Alto Networks. Slow import of Routes with objects

 

Version 1.1.62 & 1.1.63

Date 20/03/2020

Bug

  • [MT-1724] - Ghost Objects. It may provide more results than actual address objects
  • [MT-1725] - CISCO. Missing security Rules with warnings
  • [MT-1728] - CISCO. Some host objects get imported with CIDR=0
  • [MT-1731] - Filters. Use id as a value for the combo_operator
  • [MT-1733] - CSRF. Control on device report
  • [MT-1736] - CISCO. Missing some predefined services (e.g. icmp-echo-reply )

New Feature

  • [MT-1730] - Edit userDefinitions. Provide page to modify userDefinitions.php
  • [MT-1734] - AppID. Customize max number of rules to analyse
  • [MT-1735] - Filters. Rules without hits

Improvement

  • [MT-1732] - Dashboard. Provide info about address count
  • [MT-1737] - CISCO. Aggregate Sec Rules based on same remark

 

Version 1.1.61 and 1.1.61.1 and 1.1.61.2

Date 10/03/2020

Bug

  • [MT-1712] - CSV Files. Correct reporting device
  • [MT-1713] - CISCO. Sanitize Description text
  • [MT-1714] - Security Rules. Skip loading empty security rules list
  • [MT-1715] - Devices Monitor. Allow export

New Feature

  • [MT-1701] - Ability to identify logged in users
  • [MT-1716] - Filters. Show rules without hits

Improvement

  • [MT-1710] - RSyslog. Specify user owner of CSV logs
  • [MT-1711] - Update Expedition dependencies

 

Version 1.1.60

Date 05/03/2020

Bug

  • [MT-1709] - Invalid ranges

Version 1.1.59

Date 04/03/2020

Bug

  • [MT-1695] - CSV Logs. Unsupported logs are reported as processed
  • [MT-1696] - CSV Logs. Failure to process Summary on logs
  • [MT-1697] - CSV Logs. Failure to process CSV logs due to "rule" empty
  • [MT-1699] - CSRF. Direct the user to the logging page is session is expired

Task

  • [MT-1704] - Fortinet. Cover service ports in security rules involving VIP destinations (update)

Improvement

  • [MT-1700] - CSV List. Present processed logs by HA device
  • [MT-1702] - CSV Logs. Report reasons for not finding logs
  • [MT-1706] - CSV List. Allow files with spaces
  • [MT-1707] - CSRF. Control on file posting
  • [MT-1708] - Incomplete Jobs. Update jobs that have tasks completed.

 

Version 1.1.58, 1.1.58.1

Date 27/02/2020

Improvement

  • [MT-1682] - Import Config. Present date of the device's config in the grid
  • [MT-1686] - Devices. Catch control for listing files larger than 2GB over NSF
  • [MT-1687] - Invalid Address. Verify that an address object does start with a valid char
  • [MT-1691] - Fortinet. Cover service ports in security rules involving VIP destinations
  • Modify CSRF token expiration time

 

Version 1.1.57 & 1.1.57.1

Date 18/02/2020

Bug

  • [MT-1617] - Add "fixed" Cases in Consolidations' Calculations
  • [MT-1666] - FR - Merge on Policies for more than 10 cases in one pass

Task

  • [MT-1488] - Merge Rules: change behaviour

Improvement

  • [MT-1663] - App-ID Adoption. Support Consolidation with Recommended+Dependencies
  • [MT-1672] - Checkpoint. Rename import labels
  • [MT-1673] - RE. Separate incomplete and insufficient data traffic

 

Version 1.1.56

Date 13/02/2020

Bug

  • [MT-1653] - API Export: atomic complete but incomplete (policies) and sub atomic never completed
  • [MT-1661] - Checkpoint. Tags not created for section rules
  • [MT-1662] - Other vendors. Rules presented in a wrong order when selecting VSYS=all

Improvement

  • [MT-1664] - Radius Authentication. Include attributes for client identification
  • [MT-1667] - Dashboard. Invalid address objects for IPv6 wrongly calculated
  • [MT-1668] - Applications.xml. Update the default applications.xml file
  • [MT-1669] - Device Config files. Enable downloading not encrypted files
  • [MT-1670] - Authentication Server grid. Increase the last column to see the Test button

 

Version 1.1.55

Date 06/02/2020

Bug

  • [MT-1615] - Applications Signatures: does not load XML on UI
  • [MT-1648] - Sec Merge. Control on negated src/dst
  • [MT-1650] - API Export stuck at Generating Log Settings :: vsys:shared
  • [MT-1654] - Devices: Update "Panorama model" when selected and saved

Improvement

  • [MT-1646] - Consolidation Security Rules: Add explanation
  • [MT-1649] - Sec Merge. Improve feedback messages
  • [MT-1655] - Device Summary. Do not show local FW as disconnected from Panorama
  • [MT-1656] - CSV Logs. Support for panos 9.1.x
  • [MT-1657] - HealthCheck. Check for allowed DB connections

 

Version 1.1.54

Date 03/02/2020

Bug

  • [MT-1625] - Dynamic Address Groups may be considered as Unused
  • [MT-1634] - Expedition NAT issues
  • [MT-1638] - Support for multicast routing

Improvement

  • [MT-1640] - ML. Importing "any" may use (if exists) an invalid address object without ip_address

 

Version 1.1.53

Date 27/01/2020

Bug

  • [MT-1629] - RL Import. Ranges are created as ip-netmask instead of ip-range
  • [MT-1630] - Calculate Unused: Automatically called after RE import
  • [MT-1635] - UI: Error deleting unused objects: the objects panel and toolbox does not unlock

Improvement

  • [MT-1631] - SRX: Support for new Zone-based security policies in SRX
  • [MT-1637] - Checkpoint IPv6 network support for <R80

 

Version 1.1.52 & 1.1.52.1

Date 16/01/2020

Bug

  • [MT-1601] - XML Export. Error in application signatures
  • [MT-1604] - Doesn't uploaded Devices grid after added devices
  • [MT-1608] - Viewer Settings. Allow update user Settings in a project
  • [MT-1610] - Expedition Service Object Length
  • [MT-1613] - Issues with API output manager
  • [MT-1614] - Running v1.1.50 - after merging, export hangs at Generating Applications vsys/dg:vsys1
  • [MT-1616] - Update Tab context when clicking on Project Dashboard
  • [MT-1618] - Log Connector: source does not loaded correctly
  • [MT-1619] - Devices: device grid was filtered based on selected project

Improvement

  • [MT-1605] - Max Users. Allow parameterising. define ('MAXSUPERUSERS', 4); in /home/userSpace/userDefinitions.php
  • [MT-1609] - Rules Consolidation: Export to Excel Complete

Version 1.1.51

Date 10/12/2019

Bug

  • [MT-1220] - Address objects incorrectly being marked as unused - Panorama nested objects
  • [MT-1491] - Zones: Include list and Exclude list contains address, address groups objects
  • [MT-1581] - PanOS 9.0: Add GRE Tunnels from Network
  • [MT-1591] - IpSec Tunnel: update interface from Manual Key when change name to interface
  • [MT-1595] - CSV Rules: the "tag" column isn't imported
  • [MT-1596] - CSV Objects: the "tag" column isn't imported
  • [MT-1598] - Search & Replace: It takes a long time to load
  • [MT-1599] - Remove Unused Objects. After import some objects references in NATs were deleted
  • [MT-1603] - Filters. Hit count may miss some rules

Improvement

  • [MT-1587] - Remove/Calculate Unused objects. Perform process in background
  • [MT-1600] - Security Merge. Control on application default and disabled rules

 

Version 1.1.50

Date 25/11/2019

Bug

  • [MT-1556] - PanOS 9.0: Address - Add Type IP Wildcard Mask
  • [MT-1582] - Filter Invalid&Used: fails to filter
  • [MT-1588] - Static Route cannot be created within UI
  • [MT-1590] - CSV Autoprocess. Managed Device not processed when not having path and Panorama does not have autoprocess enabled

Improvement

  • [MT-1584] - Merge. Control ANY and Values merge on all fields in security rules
  • [MT-1586] - Security Rules. Show ML/RE rules with an icon

 

Version 1.1.49

Date 19/11/2019

Bug

  • [MT-1573] - Generate XML: error when generated zones
  • [MT-1578] - Autoprocess. Does not process the logs from all the devices
  • [MT-1579] - Calculated Used/Unused Objects: error when Calculating dynamic groups

Improvement

  • [MT-1574] - Monitor. Show all type of monitor entries

 

Version 1.1.48, 1.1.48.1, 1.1.48.2

Date 12/11/2019

Bug

  • [MT-1557] - Tags on Applications: doesn't load. Import/Export.
  • [MT-1571] - CISCO. VPN without peers stops parser
  • [MT-1572] - Checkpoint. Single IPv6 objects issue

New Feature

  • [MT-1431] - (Predefined) Filters to Hit Count on Security Policies
  • [MT-1567] - Threat Dynamic Reports

Improvement

  • [MT-1570] - Applications Window: Change UI

 

Version 1.1.47

Date 11/11/2019

Bug

  • [MT-1559] - Connector. Error when having multiple panorama connectors
  • [MT-1565] - Static group to Dynamic group
  • [MT-1566] - First Load Crash. environmentParameters not existing

New Feature

  • [MT-1496] - Bulk Changes Policies: Add/Delete Group Tags

Improvement

  • [MT-1558] - Connector. Create a dynamic connector to avoid multiple changes
  • [MT-1560] - Connector. Allow selecting the source from a device
  • [MT-1561] - App-ID Adoption. Allow processing "deny" rules.
  • [MT-1562] - App-ID Adoption. Collect incomplete and insufficient-data apps.
    [MT-1563] - CSV Processing. Clarify how to enable files for CSV processing

 

Version 1.1.46

Date 5/11/2019

Bug

  • [MT-1506] - Merge tags: merged all, not selected
  • [MT-1511] - Virtual Router: PanOS 9.0: Destination, Next Hop IP Address, Path Monitoring are address objects
  • [MT-1512] - Virtual Router: PanOS 9.0: Add FQDN on static routes Next Hop
  • [MT-1547] - Clone Window: Failure message on wait message
  • [MT-1548] - Tags null on Policies
  • [MT-1551] - PanOS 9.0: Merge Tags by Name: doesnt update on group tags
  • [MT-1552] - Regions: merge by Name or Value doesnt work

New Feature

  • [MT-1550] - CHECKPOINT R80.10. Added support for dynamic NATs

Improvement

  • [MT-1549] - Calculated Used/Unused: add group tags
  • [MT-1553] - Tags Menu: unify Menu Up & Down
  • [MT-1554] - Tags Menu: Add/Replace Prefix/Suffix
  • [MT-1555] - Regions Menu: unify Menu Up & Down

 

Version 1.1.45

Date 4/11/2019

Bug

  • [MT-1540] - CSV Processing. Listing files issues

Improvement

  • [MT-1541] - Devices. Skip Listing CSV Logs if possible
  • [MT-1546] - Device Summary. Avoid warnings

 

Version 1.1.44

Date 31/10/2019

Improvement

  • [MT-1534] - CSV Processing. Reduce time for file listing
  • [MT-1535] - CSV Processing. Support processing hundreds of files in one call
  • [MT-1536] - CSV List. Improve time setting PANOS version priority

 

Version 1.1.43

Date 30/10/2019

Bug

  • [MT-1479] -  Route Monitor being deleted
  • [MT-1485] - Replace Feature does not visualize all replacing options if a filter is applied.
  • [MT-1487] - Filters: on objects, filter with tags does not work
  • [MT-1497] - Virtual Router: On edit windows does not see RIP Administrative Distances
  • [MT-1507] - CSV Autoprocess. Compress/Delete second and later files
  • [MT-1508] - CSV Processing. Malformed CSV files crash Spark 2.4.3
  • [MT-1521] - CSV Processing. Add 'csv' as log type for new devices by default.

New Feature

  • [MT-1498] - Task Agent. Autostart when booting for new installs.

Improvement

  • [MT-1519] - CSV Processing. Improve panReadOrders feedback
  • [MT-1520] - CSV Processing. Allow processing files with .log extension
  • [MT-1518] - CSV Processing. Allow processing files under panorama managed devices

 

Version 1.1.42

Date 23/10/2019

Bug

  • [MT-1505] - RE Import. Check UTF8 encoding for user names

New Feature

  • [MT-1472] - Version PanOS 9.1: Edit Rules: Add "group-tag" on editor rules
  • [MT-1484] - Device Monitor

Improvement

  • [MT-1486] - CISCO. Support for src port services
  • [MT-1489] - CISCO. Service any from 0-65535
  • [MT-1499] - www-data in expedition group
  • [MT-1504] - Filters. Allow multiple levels of filter operators

 

Version 1.1.41 and 1.1.41.1

Date 17/10/2019

Bug

  • [MT-1002] - PanOS-9: add "group-tag" in all policies
  • [MT-1451] - Appoverride Rules: When editing the rules, the zones add any
  • [MT-1453] - Appoverride Rules: On edit rules set Application and Port field required
  • [MT-1456] - Scheduled tasks. No task found
  • [MT-1457] - Merge Rules: add "target" options
  • [MT-1458] - Cloned Rules: On Nat/Appoverride Rules missing cloned target
  • [MT-1461] - CSV Processing. File size incorrectly reported
  • [MT-1462] - Invalid Rules. Filter does not show results
  • [MT-1465] - SRX. Device Static Routing not imported when VR is defined
  • [MT-1466] - Virtual Wires: When edit interfaces and selected virtual wire, change automatically interfaces on virtual wires
  • [MT-1467] - PALOALTO: error on export log-authentication-timeout from authentication rules
  • [MT-1473] - Expedition Bug - Applying Filters (v1.1.40)
  • [MT-1475] - Dashboard. Invalid rules
  • [MT-1482] - Checkpoint. Issue with address IPv6 addresses in <R80

New Feature

  • [MT-1003] - Version 9: add "uuid" in all policies
  • [MT-1468] - CSV Processing. Support for PANOS 9.1 Beta.
  • [MT-1480] - RE Import. Consider compacting Service High Ports
  • [MT-1481] - RE Import. Consider importing networks

Improvement

  • [MT-1469] - Change CSV Log permit. Increate feedback
  • [MT-1470] - Job monitoring. Verify the proper counts of failed jobs

 

Version 1.1.40

Date 09/10/2019

Bug

  • [MT-1442] - Profiles on Security Rules: doesn't rendered correctly File Blocking
  • [MT-1443] - Best Practices / Threat Practice: error in parameters from function
  • [MT-1446] - CSV List. Empty (0 size) files provoke UI error and timeouts

New Feature

  • [MT-1439] - Filters: change columns behaviour

Improvement

  • [MT-1445] - Checkpoint. IPv6 host and network objects support

 

Version 1.1.39

Date 04/10/2019

Bug

  • [MT-1208] - Dashboard: doesnt rendered correctly values from Tags
  • [MT-1433] - CSV Processing. Error accessing CSV file while processing
  • [MT-1434] - CSV Processing. May loop on a file multiple times

New Feature

  • [MT-1421] - Tags: Add Filter (Predefined) Used and Unused and link to Dashboard
  • [MT-1405] - ZONES. Bulk change delete

Improvement

  • [MT-1184] - Networks Menu: unify Menu Up & Down
  • [MT-1397] - CSV Files. Show warning if file to big for GZ
  • [MT-1435] - Device Listing Timeout. If ML settings are incorrect, Expedition may give timeouts

Version 1.1.38

Date 26/09/2019

Bug

  • [MT-1076] - FQDN address being incorrectly marked as invalid
  • [MT-1186] - Panorama - a specific DG cannot be selected
  • [MT-1221] - Interfaces not being imported into the correct VSYS
  • [MT-1225] - Log processing - failing due to memory issues
  • [MT-1395] - CISCO. Non-utf descriptions support
  • [MT-1403] - Dashboard:warnings on rules are not correctly calculated 
  • [MT-1417] - Checkpoint. Issue with address group creation in R80.10 (2)

Version 1.1.37

Date 20/09/2019

Bug

  • [MT-1387] - Checkpoint. Issue with address group creation in R80.10

Improvement

  • [MT-1386] - STONESOFT. Interfaces in virtual fw_cluster

 

Version 1.1.36

Date 19/09/2019

Bug

  • [MT-1165] - FGT migration - not considering case sensitive address object naming - causing incorrect migration
  • [MT-1168] - CSV Interface. Some interfaces are not correctly imported
  • [MT-1185] - ASA migration - failing when migrating crypto profiles
  • [MT-1202] - ASA migration - NAT rules not migrating
  • [MT-1217] - Merge by Name and Value - Failing for address-groups, results in merging Groups with same name but different members
  • [MT-1223] - Zones - remove the option to add them to 'shared'
  • [MT-1284] - WebUI - no longer displaying 'Known Applications by rule' pop up
  • [MT-1286] - UI: Known Applications: the tree Applications doesnt rendered correctly
  • [MT-1377] - Applications Groups Menu: Selected Predefined Filter doesnt work
  • [MT-1379] - Issue with merging of service objects with same dport value but different timeout
  • [MT-1380] - Applications Groups: Predefined Filter Name & Value and Merge, error on select when default_applications

Improvement

  • [MT-1320] - CSV Processing. Do not allow clicking on "Process Files" within a Panorama device
  • [MT-1371] - CSV Processing. Save PID to be able to check if the process failed
  • [MT-1283] - New Project. Cannot add device during new project creation (applications.xml containsa dependency loop)

 

Version 1.1.35

Date 14/08/2019

Bug

  • [MT-1203] - Checkpoint R80.x0 - migrating NAT rules twice (duplicating them)
  • [MT-1216] - Updates 1.1.34: Unknown column 'vsys' in 'config_views'

Improvement

  • [MT-1214] - Invalid Sec Rules. Mark as invalid rules those containing incomplete and insufficient-data apps

 

Version 1.1.34

Date 13/08/2019

Bug

  • [MT-997] - CISCO. down interface is considered for routing
  • [MT-1138] - AutoZoneAssign - not finding the VR from a template
  • [MT-1201] - Checkpoint R80.10/.20 - incorrectly migrating vsys/DG names causing migrations to fail
  • [MT-1205] - WebUI - Export page - deleting a single item results in removing the entire config file
  • [MT-1211] - AutoZoneAssign - incorrectly using the DG as the vsys assignment
  • [MT-1213] - AutoZone. Do not consider "down" interfaces for routing tables

Improvement

  • [MT-1209] - CSV Processing. Allow processing using the priovidrd path even not having saved device settings
  • [MT-1210] - CSV Processing. Provide human-readable feedback
  • [MT-1212] - Network Interfaces. Show down interfaces as disabled rows

 

Version 1.1.33

Date 08/08/2019

Bug

  • [MT-1041] - Stonesoft import - errors on import. Initial support for virtual_fw devices
  • [MT-1126] - Load snapshot - Cancel option does not stop the loading of the snapshot
  • [MT-1147] - Save snapshot - support saving and loading without manually typing a name
  • [MT-1192] - Spark - not processing traffic logs when hostname has an underscore
  • [MT-1199] - ML. Wrong naming convention when importing networks

New Feature

  • [MT-1195] - For ML and RE - add the option to analyze 'incomplete' logs

Improvement

  • [MT-1154] - Tags - check for duplicate tags (Dashboard information)
  • [MT-1194] - Spark java.net.UnknownHostException. Issues with the hostname. Healthcheck for hostname without "_"

 

Version 1.1.32 (Requires expeditionml-dependencies-beta v. 0.1.3)

Date 02/08/2019

Bug

  • [MT-1150] - WebUI filter for NAT - create a filter for 'Interface'
  • [MT-1185] - ASA migration - failing when migrating crypto profiles

Improvement

  • [MT-1187] - Add "Mark as Fixed" button warning messages on Warning Tabs Editor Rules
  • [MT-1188] - HealthCheck. Check for installed versions
  • [MT-1189] - Spark. Upgrade to Spark 2.4.3 (ML and RE performance and feature improvements)
  • [MT-1190] - panReadOrders started. Create a script to automatically start panReadOrders agent

 

Version 1.1.31

Date 31/07/2019

Bug

  • [MT-1149] - ASA - not migrating NAT rules
  • [MT-1169] - CISCO. VPN - IKE gateway wrong interface if multiple "crypto map" entries are available
  • [MT-1170] - CISCO. VPN IPsec crypto profile - no unique name created
  • [MT-1174] - CSV NAT import: not all values for "interface" ingested
  • [MT-1176] - Policies editor: Do not show corrected warnings
  • [MT-1177] - CSV: added log twice, one with name and another empty
  • [MT-1181] - CSV Processing. Identify jobs that started more than 24h ago
  • [MT-1182] - Bug when Remapping Interfaces
  • [MT-1183] - App-ID adoption - timing out when requesting traffic logs

Task

  • [MT-1171] - UI: Connector, change order from Top

Improvement

  • [MT-1172] - ML: Provide network only for IPv4
  • [MT-1173] - ML Settings. Trim paths before saving new Path
  • [MT-1178] - Scheduled tasks. Check for scheduled tasks every 30 sec
  • [MT-1180] - CSV Processing. Provide feedback in bar

 

Version 1.1.30-h2

Date 24/07/2019

  • Temporarily Disabled: [MT-1158] - ML: Create advanced features to allow network import

 

Version 1.1.29-30

Date 24/07/2019

Bug

  • [MT-1099] - IronSkillet - reports are being incorrectly written to the wrong XPath
  • [MT-1119] - CSV: Service any when importing security rules
  • [MT-1133] - App-ID adoption with Panorama / Cortex
  • [MT-1148] - IronSkillet: Add variable INCLUDE_PAN_EDL
  • [MT-1151] - ASA Parser - new format managed from FMC (Firepower Mgmt Console)
  • [MT-1155] - CISCO. Firepower import fails
  • [MT-1064] - Ext.util.Event.getFireInfo(): No method named "onBeforeLoadReports"
  • [MT-1159] - ML - returning incorrect results – Time Frame Override cannot be cleared
  • [MT-1160] - UI: Convert Basic Event Binding to View Controller Event Binding
  • [MT-1161] - Ext.JSON.decode(): You are trying to decode an invalid JSON String: undefined
  • [MT-1162] - CISCO. Parsing users is not taken \ for group\user
  • [MT-1163] - ASA User-ID Mapping reslove missing "/"
  • [MT-1164] - UI: Window Download doesn't worked
  • [MT-1166] - CISCO. VPN – IKE crypto lifetime is not set correctly

Improvement

  • [MT-1156] - Scheduled log processing – add details to the status messages
  • [MT-1158] - ML: Create advanced features to allow network import

 

 

Version 1.1.28

Date 04/07/2019

Bug

  • [MT-1094] - IronSkillet templates - incorrect MGMT_IP in the XML config
  • [MT-1134] - Edit Project: When asigned devices, devices grid does not reload all devices
  • [MT-1142] - Checkpoint R80.10 parser - hanging on zone calculation for NAT rules. Method missing

Improvement

  • [MT-1145] - CSV Autoprocess. Reset last_execution time to allow re-execution
  • [MT-1146] - Expedition Installer. Verify Expedition user exists

 

Version 1.1.27

Date 04/07/2019

Bug

  • [MT-1047] - Rule Enrichment - Change the order when importing rules
  • [MT-1130] - Checkpoint R80.10/.20 - not importing security or nat policies
  • [MT-1139] - Checkpoint. R80 NAT service may load incorrectly
  • [MT-1140] - Filters. Address groups with 1 member misses some matches

New Feature

  • [MT-1121] - Bulk Change. Add Zone to all rules (as include)
  • [MT-1141] - Filters. Address objects not used in groups

Improvement

  • [MT-1132] - WebUI - Devices header wording change
  • [MT-1136] - Load Applications.xml. Protect against recursive-loop dependencies
  • [MT-1137] - Rule Enrichment. Improve performance by reducing number of queries

 

Version 1.1.26

Date 27/06/2019

Bug

  • [MT-1118] - Search and Replace - 'Remove' option fails when the DG selection is set to 'All'
  • [MT-1122] - ASA migration - add migration support for DM_INLINE service objects
  • [MT-1124] - Periodic CSV Process. Stops if one firewall does not have logs to process
  • [MT-1128] - Invalid policy names - length calculation needs to be adjusted for PAN-OS 8.x and 9.0

New Feature

  • [MT-1120] - Service import - check for valid destination port ranges
  • [MT-1129] - Policy merge - add the policy name of the merged policy into the description into the new policy

Improvement

  • [MT-1080] - Backup directory - limit to 20 snapshots
  • [MT-1127] - VM Setup. Script to setup Expedition on clean Ubuntu 16.04
  • [MT-1131] - Sec Merge. Improve performance

 

Version 1.1.25

Date 20/06/2019

Bug

  • [MT-1054] - Radius Server. Reports test connection errors as LDAP
  • [MT-1066] - SRX migration - custom service timeouts not being migrated
  • [MT-1111] - CSV Nat. Importing NAT rules misses to capture src and dst fields
  • [MT-1112] - UI: console log when edit services
  • [MT-1113] - CSV: delete the first columns mapping
  • [MT-1115] - CSV Service Import. Dport not loaded correctly
  • [MT-1116] - XML generation - removed LLDP profiles
  • [MT-1117] - XML generation - adding 'merged' tag into the incorrect XPath

 

Version 1.1.24

Date 12/06/2019

Bug

  • [MT-1087] - Web UI - multiple refreshes automatically after upgrade to 1.1.21
  • [MT-1091] - Interfaces: when edit lost IP Address
  • [MT-1092] - XML generation - failing to generate XML file
  • [MT-1095] - Interfaces: remove Link Settings from Vlan, Loopback and Tunnel
  • [MT-1096] - Interfaces Log Card/Decrypt Mirror: Import/Edit/Export
  • [MT-1098] - Interfaces: remove field Type from Vlan, Loopback and Tunnel
  • [MT-1103] - JOBS Listing. Include STARTED tasks in the view of pending
  • [MT-1104] - Spark Log. Create entry for RuleDistanceCalculator
  • [MT-1109] - CSV Summary. Perform the summary on HA device as well

Task

  • [MT-1106] - Script New Installation. Located in /var/www/html/OS/installation

Improvement

  • [MT-1100] - HealthCheck Jobs. Verify all the jobs are correctly reported
  • [MT-1101] - Device Reload. Force device reload on "reload", not on tab click
  • [MT-1102] - Snippet Reload. Force snippet reload on "reload", not on tab click

 

Version 1.1.23

Date 2/06/2019

Bug

  • [MT-1105] - GUI Logging loop. Control when backend does not report correctly a valid login.

 

Version 1.1.22

Date 30/05/2019

Bug

  • [MT-1050] - CISCO. upd www not created correctly (reported by R. Ouaini)

Improvement

  • [MT-571] - SPARK: ML_NewRules Reduce time and memory consumption
  • [MT-1006] - Devices - hide the API key's
  • [MT-1060] - ASA migration - migrate service 'domain' as TCP/UDP 53
  • [MT-1074] - Interfaces: Add PagingToolbar
  • [MT-1086] - Policies. Show again the "all" rules
  • [MT-1089] - Discovery Button: Make it all clickable
  • [MT-1093] - Spark CSV. Improve memory and disk usage for debug

 

Version 1.1.21

Date 27/05/2019

Bug

  • [MT-1036] - Rule Enrichment - App-ID being included in imported rules with 'Application' unchecked
  • [MT-1078] - CSV Import - Import of security policies not incrementing Rule ID's correctly

Improvement

  • [MT-1084] - CSV Autoprocess. Show current system time for autoprocess assistance
  • [MT-1085] - CSV rights. Script to modify CSV log rights to emable www-data delete the files

 

Version 1.1.20

Date 24/05/2019

Bug

  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly
  • [MT-1070] - Panorama: add on Interface Type: "Log Card", "Decrypt Mirror"
  • [MT-1075] - Predefined Filter “Duplicated Name” Not Worked as Expected

Improvement

  • [MT-1005] - CSV Import - services add field for source port
  • [MT-1071] - CSV Logs. Schedule log processing (autoprocessing)
  • [MT-1081] - HealthCheck Summary to fast spot healthcheck issues
  • [MT-1082] - HealthCheck. Verify Temp Data Structure rights
  • [MT-1083] - Spark. Separate temp data structure from parquet paths

 

Version 1.1.19

Date 16/05/2019

Bug

  • [MT-1001] - CSV import - do not allow Security policies to be imported into 'Shared'
  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly

Improvement

  • [MT-1068] - CSV Parquet. Split CSV files into buckets based on available RAM. Reduce chances for memoryoverhead error

New Feature

  • [MT-1069] - environtmentParameters. Verify that all required parameters are defined via a healthcheck

 

Version 1.1.18

Date 13/05/2019

Bug

• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-1039] - Zone names - max characters is 31 - Expedition recognizes only up to 15
• [MT-1046] - WebUI - Filter for Address --> Type needs to be corrected
• [MT-1059] - Slow performance - when removing unused objects
• [MT-1065] - Filters: duplicated Name & Value on AddressGroups

Improvement

• [MT-858] - Usability improvement feature: Add status icon for Project exports
• [MT-1061] - Change "No rules configured" to "Select a vsys with rules"
• [MT-1067] - CSV Parquet. Use available RAM

 

 

Version 1.1.17

Date 06/05/2019

Bug

 

  • [MT-403] - CISCO. The field devicegroup shows "default" instead of filename
  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-961] - ScreenOS - service configs with multiple ports and protocols with SRC settings not migrating correctly
  • [MT-1048] - Dashboard - Disk Space message - updated Live Community link
  • [MT-1051] - TAG "merged" is used by objects but not exported to the XML
  • [MT-1052] - Edit Security Rules: add/edit tag change with id
  • [MT-1056] - Policy count reporting error. Vsys "all" will not display security rules.
  • [MT-1057] - WebUI - wording changes

Improvement

  • [MT-999] - Mark Checkpoint policies with a Warning when migrated from an action not set to allow or deny
  • [MT-1012] - UI wording change - Search and Replace - change 'VSYS' to 'VSYS / DG'

 

Version 1.1.16

Date 30/04/2019

Bug

• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
• [MT-994] - Address merge - perform a precheck for Ghost objects. Do not let ghost objects to be merged
• [MT-1004] - Virtual Router - Route sorting not working
• [MT-1017] - Add LACP Port Priority on Interface when type is Aggregate Ethernet (reported by Luke)
• [MT-1027] - ASA migration - failing to complete the migration
• [MT-1029] - Add Tag Column on Grid Applications
• [MT-1030] - PAN-OS. Panoram read-only. Dont create it if max id is 0
• [MT-1031] - XML generation - <import> - importing unneeded interfaces causing commit to fail
• [MT-1032] - Checkpoint R80.20 - Address groups not being migrated
• [MT-1033] - Interfaces: update interfaces on other tables
• [MT-1042] - CSV. After read the content of a csv file go to PAGE1 by default.
• [MT-1043] - CISCO. Support for address-group security in ACLs
• [MT-1044] - Warning Logs from Address Groups

 

New Feature

• [MT-759] - Add TAGS to merged objects (address and services) and policies (security and NAT)
• [MT-849] - Add Tags to multiple address objects (multiedit)
• [MT-1026] - CSV Import - add option to delete lines


Improvement

• [MT-844] - API Key. Make the request in background
• [MT-864] - Export: Change to Job
• [MT-1010] - NAT policy export - add column and values for 'Translation Type'
• [MT-1013] - Add on Objects: selected item from right click on Menú options
• [MT-1016] - WebUI change - App-ID adoption
• [MT-1035] - Address. Improve performance to process address and address groups
• [MT-1037] - IronSkillet. Add templates for version 9.0
• [MT-1038] - Change report name - M.LEARNING Traffic report
• [MT-1045] - CSV. AutoMap Columns based on CSV Header

 

 

Version 1.1.15

Date 15/04/2019

Bug

  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-1007] - XML generation - inserting invalid tunnel interface configuration
  • [MT-1008] - App-Override - Transform App to Service is generation an incorrect timeout
  • [MT-1019] - Merge - cannot merge 'Log forwarding profile'
  • [MT-1020] - Service Merge. Error while merging two services

New Feature

  • [MT-759] - Add TAGS to merged objects and policies

Improvement

  • [MT-1014] - Increase height of the window that shows the results of the merge

 

Version 1.1.14

Date 12/04/2019

 

Bug

  • [MT-768] - Consolidate - do not mix and match rules with services and applications
  • [MT-1000] - Expedition Exporting Configuration with "read-only" (reported by Luke)

 

Version 1.1.13

Date 10/04/2019

Bug

  • [MT-757] - MERGE - issue found when setting unused object as primary for merge
  • [MT-937] - Web UI - Remove the "Register as Regions" button
  • [MT-942] - XML generation - orphan XML tag being added
  • [MT-953] - Rule merge all results
  • [MT-986] - WebUI - (Predefined) Nat noNAT not working correctly
  • [MT-998] - Web UI - graphic not rendering correctly
  • [MT-1009] - Expedition Cross Site Scripting in devices View (Description field)

Task

  • [MT-308] - Verify all scripts in /bin have the sessionControl.php

Improvement

  • [MT-975] - MULTI-EDIT - enable the 'Description' option
  • [MT-995] - Ghost object - replace the "/" in the name after transforming
  • [MT-996] - Wording change in UI

 

Version 1.1.11

Date 28/03/2019

Bug

  • [MT-947] - SRX migration - NAT rules not migrating Destination NAT rules correctly
  • [MT-958] - PROJECT. Prevent invalid names for Projects like "create" or "is"
  • [MT-964] - Dashboard. Calculate Ghost when source is not provided
  • [MT-966] - Dashboard. Invalid services do not consider groups with "any" inside
  • [MT-967] - CISCO. Creating service groups with tcp-udp services includes any service
  • [MT-968] - CISCO. Missing some implicit services due to being both tcp and udp
  • [MT-969] - Export to Excel: Nat rules, remove id) from name
  • [MT-972] - Save snapshot - not saving when the snapshot name has blank spaces

New Feature

  • [MT-917] - API Calls. Clear all API Calls.

Improvement

  • [MT-956] - Dashboard statistics - only calculate unused objects for the most recent imported configuration
  • [MT-957] - Dashboard statistics - add a counter for rules and objects with warnings
  • [MT-959] - Check Used Objects. Calculate objects only for the new source
  • [MT-976] - API Output manager - expand the 'search' to include the 'XML Content'
  • [MT-978] - Dashboard. Include address groups with invalid references

 

Version 1.1.10

Date 21/03/2019

Bug

  • [MT-819] - SRX file migration failed - due to Invalid XML
  • [MT-932] - SRX - NAT policies not migrating correctly
  • [MT-939] - Service override settings need correction in the XML and API output
  • [MT-940] - SRX - migration stalls at importing NAT policies
  • [MT-949] - XML generation is Invalid - Dash in the description causing the failure

New Feature

  • [MT-200] - Convert Long structures to BigInt to support IPv6
  • [MT-941] - SRX - migration support for double NAT configurations
  • [MT-946] - WebUI - add a global indicator for the Expedition agent status
  • [MT-948] - CSV Logs. Show logs per days summary

Task

  • [MT-952] - Update to Sencha 4.2.5

Improvement

  • [MT-501] - CHECKPOINT R80. Importing objects some are missing
  • [MT-781] - Allow importing of new configurations to be displayed and edited
  • [MT-871] - Add a message after merging configurations
  • [MT-936] - Add a search for Device-Group and Template selections

 

Version 1.1.7

Date 28/02/2019

Bug
   [MT-874] - ZONES: Delete a used zone is performed without a warning
   [MT-879] - Saved Rule Name with the character "*"
   [MT-880] - Filters doesn't search by the character "*"
   [MT-885] - Application object import - commas are causing new lines to be created
   [MT-886] - DEVICES page load timing out causing remote exception when hundreds
   [MT-887] - XML generation failing due to VLAN configured object
   [MT-888] - R80 import - Address group missing some members
   [MT-890] - IronSkillet - base config not passing admin credentials
   [MT-894] - Filter - not matching predefined keywords 'none'
   [MT-897] - Import Project: error when are two or more directories on folder
   [MT-898] - Checkpoint. Missing members in nested groups
   [MT-901] - Zones - incorrect zone being deleted by mistake

   [MT-902] - IronSkillet - 8.1 XML file not adding template
   [MT-903] - IronSkillet - not copying the MGMT IP information

   [MT-904] - IronSkillet - API Output manager is generating invalid API requests for deviceconfig
   [MT-905] - Spelling correction - Best practices section
   [MT-908] - XSS in Migration Tool
   [MT-909] - Import/Export Applications ident-by-icmp-type

Improvement
    [MT-877] - /boot out of space Added as Check from the Dashboard.
    [MT-891] - IronSkillet - Panorama config display enhancement
    [MT-907] - Fixed some Text Typos

 

Version 1.1.6

Date 14/02/2019

Improvement
   * [MT-828] - LogConnector: Provide information about used data sources
   * [MT-876] - Change width “Description” column for all Excel export

 

Version 1.1.5
Bug

    * [MT-866] - ScreenOS. Fails importing security rules with hidden chars
    * [MT-872] - ScreenOS: SNMP service incorrectly loaded
    * [MT-860] - Filters. “Starts with” does not filter correctly

Improvement
    * [MT-814] - Auto Zone Assigment: change title if nat or security policies
    * [MT-815] - Autozone: Bidirectional NATs are not correctly applied
    * [MT-863] - Allow reimporting a configuration with an existing name. Loaded with date suffix

 

Version 1.1.4

Date 02/05/2019

Bug

  • [MT-767] - Consolidate - do not include 'Deny' rules to consolidate if other rules are set to accept
  • [MT-811] - Cisco ASA migration - Auto Zone Assign not calculating the zones for Security rules correctly
  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule
  • [MT-820] - GlobalProtect configuration missing in Expedition tool
  • [MT-823] - Policy Filter in Expedition with option NOT IN NETWORK
  • [MT-826] - Services: override unexpected here. Discarding.
  • [MT-827] - Rule Enrichment: doesn't import correctly application-default
  • [MT-829] - Rule Enrichment: doesn't have save snapshot
  • [MT-834] - Export/Output: Disable override doesnt generated correctly
  • [MT-837] - Export/Output: services with protocol SCTP doesnt generated correctly
  • [MT-842] - LDAP. Authentication not working correctly
  • [MT-845] - Policy Filter with option NOT IN NETWORK doesn’t work
  • [MT-857] - SRX parser - not adding nested service groups
  • [MT-859] - Rule Enrichment: doesn't import correctly source/destination

 

New Feature

  • Under LDAP servers a new field has been added (account prefix)
  • Now Expedition calculates for all the rules if they are L7 or L4 only.
  • [MT-698] - New Predefined Filter. L4 and L7 Rules
  • [MT-850] - The Discovery window has been splitter in two windows one for ML and another one for Rule Enrichment
  • The ML and RE now supports IPv6 addresses within the logs
  • Expedition will verify if you have access to the logs folder for ML and RE
  • Runtime feedback added while RE and ML is running from the view.
  • [MT-812] - Update BPA Security Policies View with the new Fields
  • [MT-833] - ML: RE: Added Unknown applications to the Analysis
  • [MT-843] - UserRoles. Do not allow SuperUser to change own role
  • Expedition can import the same configuration name into the same project by automatically renaming them with the date-time at the end of the filename.

 

Version 1.1.2

Date 28/12/2018

Bug

  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule

Improvement

  • [MT-814] - Auto Zone Assigment: change  window title if its nat or security policies
  • [MT-815] - Autozone: Bidirectional NATs are not correctly applied

 

Version 1.1.1

Date 19/12/2018

Improvement

  • [MT-812] - Updated Best Practices. The Security Policies View. Updated the Grid Columns

Bug

  • IronSkillet. Version 1.1 didnt get all the components needed to run IronSkillet. Fixed in 1.1.1

 

 

Version 1.1

Date 14/12/2018

Bug

  • [MT-407] - Filtering by Nat zone TO doesn't work
  • [MT-597] - Output: Merge zones in the Template
  • [MT-599] - Consolidation: Check for duplicated profiles
  • [MT-602] - Bug with ML server export
  • [MT-604] - Device image models are not rendered correctly.
  • [MT-608] - Rule Enrichment: Add to Existing Rules
  • [MT-622] - FW: Latest Version of Expedition doesn't delete Service Objects
  • [MT-628] - Issue with Custom App-IDs in Expedition
  • [MT-634] - Truncate Names Rules Names/Description v.8.0
  • [MT-636] - ASA Config: Any in group to service
  • [MT-648] - Remote exception when filtering for unused address object groups
  • [MT-651] - New bug detected in 1.0.101 (Email) Duplicated Name, Filter
  • [MT-765] - Update name schedules/log forwarding/zones/monitor, selected ids from rules by source and vsys
  • [MT-766] - Log Forwarding / Schedule: if it's removed need to be removed from rules too.
  • [MT-800] - Tab Click on Policies does not render correctly
  • [MT-808] - Export: output. Remove new policies QoS, PBF, etc.

New Feature

  • [MT-424] - Add Filter Target and Set Add, Remove, Update target etc
  • [MT-600] - Add button Test on Servers
  • [MT-603] - New windows for Test Connection LDAP and Radius
  • [MT-618] - Address: Add Transform IPAddress to object
  • [MT-779] - Add Other Rules: check version 7

Task

  • [MT-792] - LDAP: remove admin from test window

Improvement

  • [MT-638] - Add Other Rules Import
  • [MT-650] - Add Other Rules: calculate used objects
  • [MT-728] - Unify the two menus of the objects (Address / Address Groups)
  • [MT-729] - Unify the two menus of the objects (Services / Services Groups)
  • [MT-734] - Settings - Servers - LDAP/RADIUS
  • Added Best Practices version 3.6.3
  • Added IronSkillet under Import -> Palo Alto
Rate this article:
(1)
Comments
L1 Bithead

Hi, what about the newer versions 1.0.100 ... maybe its possible to show the changelog directly in the tools dashboard.

 

Thanks in advance,

Andre

L4 Transporter

Where do you find the HF's for download?

L0 Member

HI Gun-Slinger

Please follow the normal upgrade process to upgrade to latest version

Abid

L2 Linker

the 1.1.1 release unfortunately still suffers the "type" problem when creating ldap servers:

 

https://live.paloaltonetworks.com/t5/Expedition-Articles/Authentication-via-LDAP-server/tac-p/243545...

L0 Member

@asheikh 

 

Can you pls point out to a link for "normal upgrade process" ? Thanks

L0 Member

Hi,

Can you please add direct link to download hotfixed 1.1.23, 1.1.24 and 1.1.24? I need to download and install hotfix manually. Is there any dependencies that needs to be met?

L2 Linker

Version 1.1.68 and 2 same release date

L2 Linker

Does it seem like updates for Expedition always become available before the release notes?

L6 Presenter

Usually release note came around same time as new version release. sometime there is 1 day delay. 

L2 Linker

It's been almost a month since the last expedition update.  Does that mean something big is coming soon?  Maybe 2.0?

L0 Member

@alestevez wrote:

Release Notes:

Version 1.1.82, 1.1.82.1, 1.1.82.2

Date 02/10/2020

Bug

  • [MT-1907] - Disabled IPSEC Tunnels not showing "disabled" when imported
  • [MT-1912] - SRX. Duplicated address objects when exists as global address object
  • [MT-1914] - ScreenOs. Incorrect reference of multi-protocol objects
  • [MT-1915] - Bulk Zone: Issue deleting zones
  • [MT-1916] - Bulk Zone: Issue adding zones to rules without zones

 

Version 1.1.81

Date 17/09/2020

Bug

  • [MT-1886] - NAT policy showing address object as "null" after merging address objects by value.
  • [MT-1893] - Checkpoint service-group objects imported as service-objects
  • [MT-1908] - ReportName Got Truncated after Panorama config export from Expedition

 

Version 1.1.80

Date 24/08/2020

Update

  • Updated Terms and Conditions

Version 1.1.79, 1.1.79.1

Date 14/08/2020, 18/08/2020

Bug

  • [MT-1892] - CHECKPOINT >R80. Services lost in security policies

New Feature

  • [MT-1890] - CSV Files. Support for PANOS 10.0

Improvement

  • [MT-1891] - Description: Support for (, { and [ elements

 

Version 1.1.78

Date 13/08/2020

Improvement

  • [MT-1885] - Checkpoint. In-line policies are missing

 

Version 1.1.77

Date 07/08/2020

Bug

  • [MT-1834] - Expedition GUI Hangs when click on "Unused" address objects from Dashboard
  • [[MT-1869] - Dashboard-NaN value shows in Unused and Ghost counts of Tag object
  • [MT-1877] - Unable to reference shared objects in vsys NAT rules
  • [MT-1882] - Security, NAT rules and interfaces missing when parse Juniper SRX nested group config

Improvement

  • [MT-1840] - BPA AutoRemediation on Template
  • [MT-1881] - CHECKPOINT. Include security rule target device for >R80

 

Version 1.1.76, 1.1.76.1

Date 03/08/2020

Bug

  • [MT-1797] - Dashboard-Showing all address objects are unused.
  • [MT-1876] - SRX. Zones missing in global policy

 

Version 1.1.75

Date 27/07/2020

Bug

  • [MT-1868] -Autozone. Issues when interface names are shared accross multiple VR

 

Version 1.1.74

Date 14/07/2020

Bug

  • [MT-1859] - SRX. Tunnels without vlan-id miss the tag
  • [MT-1861] - SRX. Address objects with invalid names in NAT rules
  • [MT-1862] - SRX. st0 Tunnel interfaces loaded as ethernet
  • [MT-1863] - SRX. vr1 takes more interfaces than it should
  • [MT-1864] - SRX. Load lo0 interface as loopback
  • [MT-1866] - ML Settings. Timezone issues
  • [MT-1867] - Snapshots. Limit to 5 automatic snapshots

 

Version 1.1.73

Date 06/07/2020

Bug

  • [MT-1854] - Import Project. Update Project DB after import
  • [MT-1855] - CHECKPOINT. Missing interfaces and routes in <R80

 

Version 1.1.72

Date 03/07/2020

Bug

  • [MT-1851] - CISCO. Zones get reassigned on new import
  • [MT-1852] - CISCO. Support address groups descriptions

Improvement

  • [MT-1847] - Cisco ASA remarks contain ";" , the ";" is missing in the description after convert

Version 1.1.71

Date 26/06/2020

Bug

  • [MT-1825] - Older CP Import not working v77.30 on Exp 1.1.69.3
  • [MT-1832] - Cisco ASA. Remarks are populated into wrong ACLs
  • [MT-1843] - CISCO. Issue with IPv6 with CIDR

New Feature

  • [MT-1831] - CleanUp Objects. Script to merge address objects in background
  • [MT-1844] - CISCO. Support for service timeouts

 

Version 1.1.70

Date 12/06/2020

Bug

  • [MT-1782] - Expedition - Unable to properly schedule daily import of machine logs
  • [MT-1798] - Older Checkpoint Import not working v77.30 - Rulebase not importing
  • [MT-1817] - BPA-Best Practice Adoption Pi-Chart does not reflect the correct adoption rate
  • [MT-1820] - Expedition predefined service-http object issue
  • [MT-1830] - CSV Files. Error importing logs from Splunk (CurlConnect)
  • [MT-1836] - BPA. Update radar view
  • [MT-1837] - CISCO NAT after-auto. Some rules were not correctly considered as after-auto, but placed as before-auto

Improvement

  • [MT-1814] - HealthCheck. Check PIP dependencies are installed
  • [MT-1835] - Delete Duplicated. Improve SQL calculations for object-reference updates

 

Version 1.1.69, 1.1.69.1, 1.1.69.2, 1.1.69.3

Date 28/05/2020, 05/06/202

Bug

  • [MT-1768] - BPA-Auto Remediate does not work
  • [MT-1811] - Clone NAT. Updates have a larger scope than they should
  • [MT-1812] - Checkpoint. Delete temporary files
  • [MT-1813] - Autozone. Limit the calculations to the given vsys
  • Checkpoint R80 parser does not complete. Parser not closed correctly

New Feature

  • [MT-1660] - CSV Logs. Read traffic logs rom Splunk
  • [MT-1795] - RE / ML. Offer thresholds for traffic filtering
  • [MT-1800] - API Calls. Improve feedback error message
  • [MT-1801] - HealthCheck. Check APT frozen packages

Task

  • [MT-1757] - M.Learning setting- Expedition ML Address probably not being saved on the fresh installed Expedition

Improvement

  • [MT-1794] - Checkpoint. Support for routing table per rulebase
  • [MT-1805] - CSV Logs. Splunk: Use earliest and latest options

 

Version 1.1.68

Date 28/04/2020

Bug

  • [MT-1780] - Config Import. Invalid Version error

Improvement

  • [MT-1671] - VPN Warnings. Provide Warning feedback
  • [MT-1770] - CISCO. IPSec Tunels missing ProxyIDs
  • [MT-1771] - Update Message. Improve message to assist Expedition Update

 

Version 1.1.67

Date 23/04/2020

Bug

  • [MT-1764] -Download Config. Unable to pull running config from Panos 8.1.14, 9.1.2

 

Version 1.1.66

Date 16/04/2020

Bug

  • [MT-1747] - Network -> Interface Goes up only to EthernetX/24 does not support ExternetX/25-28
  • [MT-1759] - Checkpoint. Address with netmask not convertible to CIDR
  • [MT-1761] - ASA Conversion - Security Policies Do Not Convert
  • [MT-1765] - Remap Interface. Sets interface as blank

New Feature

  • [MT-1750] - Export. Allow filtering subatomic API calls with commas
  • [MT-1751] - Export. Allow filtering subatomic API calls by device group

Improvement

  • [MT-1756] - Export. Filter by API response code
  • [MT-1762] - HealthCheck. Unused accounts

 

Version 1.1.65

Date 02/04/2020

Bug

  • [MT-1628] - Export: generated api with Mega doesnt work
  • [MT-1639] - Virtual Router: on RIP there are interfaces and they are not being read
  • [MT-1755] - Radius LDAP. Failing to test

New Feature

  • [MT-1742] - CSV Logs. Allow override AfterProcess from Panorama
  • [MT-1749] - Bulk Change. Append Description all rules (as include)
  • [MT-1753] - Palo Alto Networks. Slow import of Routes with objects
  • [MT-1754] - CSV Autoprocess. Compress/Delete second and later files Override by Panorama

Improvement

  • [MT-1745] - Add Description to security policy Bulk Change function

 

Version 1.1.64

Date 25/03/2020

Bug

  • [MT-1729] - Add version 9.2 to the getVersion function
  • [MT-1739] - Error when to click save on address object

Improvement

  • [MT-1692] - Palo Alto Networks. Slow import of Routes with objects

 

Version 1.1.62 & 1.1.63

Date 20/03/2020

Bug

  • [MT-1724] - Ghost Objects. It may provide more results than actual address objects
  • [MT-1725] - CISCO. Missing security Rules with warnings
  • [MT-1728] - CISCO. Some host objects get imported with CIDR=0
  • [MT-1731] - Filters. Use id as a value for the combo_operator
  • [MT-1733] - CSRF. Control on device report
  • [MT-1736] - CISCO. Missing some predefined services (e.g. icmp-echo-reply )

New Feature

  • [MT-1730] - Edit userDefinitions. Provide page to modify userDefinitions.php
  • [MT-1734] - AppID. Customize max number of rules to analyse
  • [MT-1735] - Filters. Rules without hits

Improvement

  • [MT-1732] - Dashboard. Provide info about address count
  • [MT-1737] - CISCO. Aggregate Sec Rules based on same remark

 

Version 1.1.61 and 1.1.61.1 and 1.1.61.2

Date 10/03/2020

Bug

  • [MT-1712] - CSV Files. Correct reporting device
  • [MT-1713] - CISCO. Sanitize Description text
  • [MT-1714] - Security Rules. Skip loading empty security rules list
  • [MT-1715] - Devices Monitor. Allow export

New Feature

  • [MT-1701] - Ability to identify logged in users
  • [MT-1716] - Filters. Show rules without hits

Improvement

  • [MT-1710] - RSyslog. Specify user owner of CSV logs
  • [MT-1711] - Update Expedition dependencies

 

Version 1.1.60

Date 05/03/2020

Bug

  • [MT-1709] - Invalid ranges

Version 1.1.59

Date 04/03/2020

Bug

  • [MT-1695] - CSV Logs. Unsupported logs are reported as processed
  • [MT-1696] - CSV Logs. Failure to process Summary on logs
  • [MT-1697] - CSV Logs. Failure to process CSV logs due to "rule" empty
  • [MT-1699] - CSRF. Direct the user to the logging page is session is expired

Task

  • [MT-1704] - Fortinet. Cover service ports in security rules involving VIP destinations (update)

Improvement

  • [MT-1700] - CSV List. Present processed logs by HA device
  • [MT-1702] - CSV Logs. Report reasons for not finding logs
  • [MT-1706] - CSV List. Allow files with spaces
  • [MT-1707] - CSRF. Control on file posting
  • [MT-1708] - Incomplete Jobs. Update jobs that have tasks completed.

 

Version 1.1.58, 1.1.58.1

Date 27/02/2020

Improvement

  • [MT-1682] - Import Config. Present date of the device's config in the grid
  • [MT-1686] - Devices. Catch control for listing files larger than 2GB over NSF
  • [MT-1687] - Invalid Address. Verify that an address object does start with a valid char
  • [MT-1691] - Fortinet. Cover service ports in security rules involving VIP destinations
  • Modify CSRF token expiration time

 

Version 1.1.57 & 1.1.57.1

Date 18/02/2020

Bug

  • [MT-1617] - Add "fixed" Cases in Consolidations' Calculations
  • [MT-1666] - FR - Merge on Policies for more than 10 cases in one pass

Task

  • [MT-1488] - Merge Rules: change behaviour

Improvement

  • [MT-1663] - App-ID Adoption. Support Consolidation with Recommended+Dependencies
  • [MT-1672] - Checkpoint. Rename import labels
  • [MT-1673] - RE. Separate incomplete and insufficient data traffic

 

Version 1.1.56

Date 13/02/2020

Bug

  • [MT-1653] - API Export: atomic complete but incomplete (policies) and sub atomic never completed
  • [MT-1661] - Checkpoint. Tags not created for section rules
  • [MT-1662] - Other vendors. Rules presented in a wrong order when selecting VSYS=all

Improvement

  • [MT-1664] - Radius Authentication. Include attributes for client identification
  • [MT-1667] - Dashboard. Invalid address objects for IPv6 wrongly calculated
  • [MT-1668] - Applications.xml. Update the default applications.xml file
  • [MT-1669] - Device Config files. Enable downloading not encrypted files
  • [MT-1670] - Authentication Server grid. Increase the last column to see the Test button

 

Version 1.1.55

Date 06/02/2020

Bug

  • [MT-1615] - Applications Signatures: does not load XML on UI
  • [MT-1648] - Sec Merge. Control on negated src/dst
  • [MT-1650] - API Export stuck at Generating Log Settings :: vsys:shared
  • [MT-1654] - Devices: Update "Panorama model" when selected and saved

Improvement

  • [MT-1646] - Consolidation Security Rules: Add explanation
  • [MT-1649] - Sec Merge. Improve feedback messages
  • [MT-1655] - Device Summary. Do not show local FW as disconnected from Panorama
  • [MT-1656] - CSV Logs. Support for panos 9.1.x
  • [MT-1657] - HealthCheck. Check for allowed DB connections

 

Version 1.1.54

Date 03/02/2020

Bug

  • [MT-1625] - Dynamic Address Groups may be considered as Unused
  • [MT-1634] - Expedition NAT issues
  • [MT-1638] - Support for multicast routing

Improvement

  • [MT-1640] - ML. Importing "any" may use (if exists) an invalid address object without ip_address

 

Version 1.1.53

Date 27/01/2020

Bug

  • [MT-1629] - RL Import. Ranges are created as ip-netmask instead of ip-range
  • [MT-1630] - Calculate Unused: Automatically called after RE import
  • [MT-1635] - UI: Error deleting unused objects: the objects panel and toolbox does not unlock

Improvement

  • [MT-1631] - SRX: Support for new Zone-based security policies in SRX
  • [MT-1637] - Checkpoint IPv6 network support for <R80

 

Version 1.1.52 & 1.1.52.1

Date 16/01/2020

Bug

  • [MT-1601] - XML Export. Error in application signatures
  • [MT-1604] - Doesn't uploaded Devices grid after added devices
  • [MT-1608] - Viewer Settings. Allow update user Settings in a project
  • [MT-1610] - Expedition Service Object Length
  • [MT-1613] - Issues with API output manager
  • [MT-1614] - Running v1.1.50 - after merging, export hangs at Generating Applications vsys/dg:vsys1
  • [MT-1616] - Update Tab context when clicking on Project Dashboard
  • [MT-1618] - Log Connector: source does not loaded correctly
  • [MT-1619] - Devices: device grid was filtered based on selected project

Improvement

  • [MT-1605] - Max Users. Allow parameterising. define ('MAXSUPERUSERS', 4); in /home/userSpace/userDefinitions.php
  • [MT-1609] - Rules Consolidation: Export to Excel Complete

Version 1.1.51

Date 10/12/2019

Bug

  • [MT-1220] - Address objects incorrectly being marked as unused - Panorama nested objects
  • [MT-1491] - Zones: Include list and Exclude list contains address, address groups objects
  • [MT-1581] - PanOS 9.0: Add GRE Tunnels from Network
  • [MT-1591] - IpSec Tunnel: update interface from Manual Key when change name to interface
  • [MT-1595] - CSV Rules: the "tag" column isn't imported
  • [MT-1596] - CSV Objects: the "tag" column isn't imported
  • [MT-1598] - Search & Replace: It takes a long time to load
  • [MT-1599] - Remove Unused Objects. After import some objects references in NATs were deleted
  • [MT-1603] - Filters. Hit count may miss some rules

Improvement

  • [MT-1587] - Remove/Calculate Unused objects. Perform process in background
  • [MT-1600] - Security Merge. Control on application default and disabled rules

 

Version 1.1.50

Date 25/11/2019

Bug

  • [MT-1556] - PanOS 9.0: Address - Add Type IP Wildcard Mask
  • [MT-1582] - Filter Invalid&Used: fails to filter
  • [MT-1588] - Static Route cannot be created within UI
  • [MT-1590] - CSV Autoprocess. Managed Device not processed when not having path and Panorama does not have autoprocess enabled

Improvement

  • [MT-1584] - Merge. Control ANY and Values merge on all fields in security rules
  • [MT-1586] - Security Rules. Show ML/RE rules with an icon

 

Version 1.1.49

Date 19/11/2019

Bug

  • [MT-1573] - Generate XML: error when generated zones
  • [MT-1578] - Autoprocess. Does not process the logs from all the devices
  • [MT-1579] - Calculated Used/Unused Objects: error when Calculating dynamic groups

Improvement

  • [MT-1574] - Monitor. Show all type of monitor entries

 

Version 1.1.48, 1.1.48.1, 1.1.48.2

Date 12/11/2019

Bug

  • [MT-1557] - Tags on Applications: doesn't load. Import/Export.
  • [MT-1571] - CISCO. VPN without peers stops parser
  • [MT-1572] - Checkpoint. Single IPv6 objects issue

New Feature

  • [MT-1431] - (Predefined) Filters to Hit Count on Security Policies
  • [MT-1567] - Threat Dynamic Reports

Improvement

  • [MT-1570] - Applications Window: Change UI

 

Version 1.1.47

Date 11/11/2019

Bug

  • [MT-1559] - Connector. Error when having multiple panorama connectors
  • [MT-1565] - Static group to Dynamic group
  • [MT-1566] - First Load Crash. environmentParameters not existing

New Feature

  • [MT-1496] - Bulk Changes Policies: Add/Delete Group Tags

Improvement

  • [MT-1558] - Connector. Create a dynamic connector to avoid multiple changes
  • [MT-1560] - Connector. Allow selecting the source from a device
  • [MT-1561] - App-ID Adoption. Allow processing "deny" rules.
  • [MT-1562] - App-ID Adoption. Collect incomplete and insufficient-data apps.
    [MT-1563] - CSV Processing. Clarify how to enable files for CSV processing

 

Version 1.1.46

Date 5/11/2019

Bug

  • [MT-1506] - Merge tags: merged all, not selected
  • [MT-1511] - Virtual Router: PanOS 9.0: Destination, Next Hop IP Address, Path Monitoring are address objects
  • [MT-1512] - Virtual Router: PanOS 9.0: Add FQDN on static routes Next Hop
  • [MT-1547] - Clone Window: Failure message on wait message
  • [MT-1548] - Tags null on Policies
  • [MT-1551] - PanOS 9.0: Merge Tags by Name: doesnt update on group tags
  • [MT-1552] - Regions: merge by Name or Value doesnt work

New Feature

  • [MT-1550] - CHECKPOINT R80.10. Added support for dynamic NATs

Improvement

  • [MT-1549] - Calculated Used/Unused: add group tags
  • [MT-1553] - Tags Menu: unify Menu Up & Down
  • [MT-1554] - Tags Menu: Add/Replace Prefix/Suffix
  • [MT-1555] - Regions Menu: unify Menu Up & Down

 

Version 1.1.45

Date 4/11/2019

Bug

  • [MT-1540] - CSV Processing. Listing files issues

Improvement

  • [MT-1541] - Devices. Skip Listing CSV Logs if possible
  • [MT-1546] - Device Summary. Avoid warnings

 

Version 1.1.44

Date 31/10/2019

Improvement

  • [MT-1534] - CSV Processing. Reduce time for file listing
  • [MT-1535] - CSV Processing. Support processing hundreds of files in one call
  • [MT-1536] - CSV List. Improve time setting PANOS version priority

 

Version 1.1.43

Date 30/10/2019

Bug

  • [MT-1479] -  Route Monitor being deleted
  • [MT-1485] - Replace Feature does not visualize all replacing options if a filter is applied.
  • [MT-1487] - Filters: on objects, filter with tags does not work
  • [MT-1497] - Virtual Router: On edit windows does not see RIP Administrative Distances
  • [MT-1507] - CSV Autoprocess. Compress/Delete second and later files
  • [MT-1508] - CSV Processing. Malformed CSV files crash Spark 2.4.3
  • [MT-1521] - CSV Processing. Add 'csv' as log type for new devices by default.

New Feature

  • [MT-1498] - Task Agent. Autostart when booting for new installs.

Improvement

  • [MT-1519] - CSV Processing. Improve panReadOrders feedback
  • [MT-1520] - CSV Processing. Allow processing files with .log extension
  • [MT-1518] - CSV Processing. Allow processing files under panorama managed devices

 

Version 1.1.42

Date 23/10/2019

Bug

  • [MT-1505] - RE Import. Check UTF8 encoding for user names

New Feature

  • [MT-1472] - Version PanOS 9.1: Edit Rules: Add "group-tag" on editor rules
  • [MT-1484] - Device Monitor

Improvement

  • [MT-1486] - CISCO. Support for src port services
  • [MT-1489] - CISCO. Service any from 0-65535
  • [MT-1499] - www-data in expedition group
  • [MT-1504] - Filters. Allow multiple levels of filter operators

 

Version 1.1.41 and 1.1.41.1

Date 17/10/2019

Bug

  • [MT-1002] - PanOS-9: add "group-tag" in all policies
  • [MT-1451] - Appoverride Rules: When editing the rules, the zones add any
  • [MT-1453] - Appoverride Rules: On edit rules set Application and Port field required
  • [MT-1456] - Scheduled tasks. No task found
  • [MT-1457] - Merge Rules: add "target" options
  • [MT-1458] - Cloned Rules: On Nat/Appoverride Rules missing cloned target
  • [MT-1461] - CSV Processing. File size incorrectly reported
  • [MT-1462] - Invalid Rules. Filter does not show results
  • [MT-1465] - SRX. Device Static Routing not imported when VR is defined
  • [MT-1466] - Virtual Wires: When edit interfaces and selected virtual wire, change automatically interfaces on virtual wires
  • [MT-1467] - PALOALTO: error on export log-authentication-timeout from authentication rules
  • [MT-1473] - Expedition Bug - Applying Filters (v1.1.40)
  • [MT-1475] - Dashboard. Invalid rules
  • [MT-1482] - Checkpoint. Issue with address IPv6 addresses in <R80

New Feature

  • [MT-1003] - Version 9: add "uuid" in all policies
  • [MT-1468] - CSV Processing. Support for PANOS 9.1 Beta.
  • [MT-1480] - RE Import. Consider compacting Service High Ports
  • [MT-1481] - RE Import. Consider importing networks

Improvement

  • [MT-1469] - Change CSV Log permit. Increate feedback
  • [MT-1470] - Job monitoring. Verify the proper counts of failed jobs

 

Version 1.1.40

Date 09/10/2019

Bug

  • [MT-1442] - Profiles on Security Rules: doesn't rendered correctly File Blocking
  • [MT-1443] - Best Practices / Threat Practice: error in parameters from function
  • [MT-1446] - CSV List. Empty (0 size) files provoke UI error and timeouts

New Feature

  • [MT-1439] - Filters: change columns behaviour

Improvement

  • [MT-1445] - Checkpoint. IPv6 host and network objects support

 

Version 1.1.39

Date 04/10/2019

Bug

  • [MT-1208] - Dashboard: doesnt rendered correctly values from Tags
  • [MT-1433] - CSV Processing. Error accessing CSV file while processing
  • [MT-1434] - CSV Processing. May loop on a file multiple times

New Feature

  • [MT-1421] - Tags: Add Filter (Predefined) Used and Unused and link to Dashboard
  • [MT-1405] - ZONES. Bulk change delete

Improvement

  • [MT-1184] - Networks Menu: unify Menu Up & Down
  • [MT-1397] - CSV Files. Show warning if file to big for GZ
  • [MT-1435] - Device Listing Timeout. If ML settings are incorrect, Expedition may give timeouts

Version 1.1.38

Date 26/09/2019

Bug

  • [MT-1076] - FQDN address being incorrectly marked as invalid
  • [MT-1186] - Panorama - a specific DG cannot be selected
  • [MT-1221] - Interfaces not being imported into the correct VSYS
  • [MT-1225] - Log processing - failing due to memory issues
  • [MT-1395] - CISCO. Non-utf descriptions support
  • [MT-1403] - Dashboard:warnings on rules are not correctly calculated 
  • [MT-1417] - Checkpoint. Issue with address group creation in R80.10 (2)

Version 1.1.37

Date 20/09/2019

Bug

  • [MT-1387] - Checkpoint. Issue with address group creation in R80.10

Improvement

  • [MT-1386] - STONESOFT. Interfaces in virtual fw_cluster

 

Version 1.1.36

Date 19/09/2019

Bug

  • [MT-1165] - FGT migration - not considering case sensitive address object naming - causing incorrect migration
  • [MT-1168] - CSV Interface. Some interfaces are not correctly imported
  • [MT-1185] - ASA migration - failing when migrating crypto profiles
  • [MT-1202] - ASA migration - NAT rules not migrating
  • [MT-1217] - Merge by Name and Value - Failing for address-groups, results in merging Groups with same name but different members
  • [MT-1223] - Zones - remove the option to add them to 'shared'
  • [MT-1284] - WebUI - no longer displaying 'Known Applications by rule' pop up
  • [MT-1286] - UI: Known Applications: the tree Applications doesnt rendered correctly
  • [MT-1377] - Applications Groups Menu: Selected Predefined Filter doesnt work
  • [MT-1379] - Issue with merging of service objects with same dport value but different timeout
  • [MT-1380] - Applications Groups: Predefined Filter Name & Value and Merge, error on select when default_applications

Improvement

  • [MT-1320] - CSV Processing. Do not allow clicking on "Process Files" within a Panorama device
  • [MT-1371] - CSV Processing. Save PID to be able to check if the process failed
  • [MT-1283] - New Project. Cannot add device during new project creation (applications.xml containsa dependency loop)

 

Version 1.1.35

Date 14/08/2019

Bug

  • [MT-1203] - Checkpoint R80.x0 - migrating NAT rules twice (duplicating them)
  • [MT-1216] - Updates 1.1.34: Unknown column 'vsys' in 'config_views'

Improvement

  • [MT-1214] - Invalid Sec Rules. Mark as invalid rules those containing incomplete and insufficient-data apps

 

Version 1.1.34

Date 13/08/2019

Bug

  • [MT-997] - CISCO. down interface is considered for routing
  • [MT-1138] - AutoZoneAssign - not finding the VR from a template
  • [MT-1201] - Checkpoint R80.10/.20 - incorrectly migrating vsys/DG names causing migrations to fail
  • [MT-1205] - WebUI - Export page - deleting a single item results in removing the entire config file
  • [MT-1211] - AutoZoneAssign - incorrectly using the DG as the vsys assignment
  • [MT-1213] - AutoZone. Do not consider "down" interfaces for routing tables

Improvement

  • [MT-1209] - CSV Processing. Allow processing using the priovidrd path even not having saved device settings
  • [MT-1210] - CSV Processing. Provide human-readable feedback
  • [MT-1212] - Network Interfaces. Show down interfaces as disabled rows

 

Version 1.1.33

Date 08/08/2019

Bug

  • [MT-1041] - Stonesoft import - errors on import. Initial support for virtual_fw devices
  • [MT-1126] - Load snapshot - Cancel option does not stop the loading of the snapshot
  • [MT-1147] - Save snapshot - support saving and loading without manually typing a name
  • [MT-1192] - Spark - not processing traffic logs when hostname has an underscore
  • [MT-1199] - ML. Wrong naming convention when importing networks

New Feature

  • [MT-1195] - For ML and RE - add the option to analyze 'incomplete' logs

Improvement

  • [MT-1154] - Tags - check for duplicate tags (Dashboard information)
  • [MT-1194] - Spark java.net.UnknownHostException. Issues with the hostname. Healthcheck for hostname without "_"

 

Version 1.1.32 (Requires expeditionml-dependencies-beta v. 0.1.3)

Date 02/08/2019

Bug

  • [MT-1150] - WebUI filter for NAT - create a filter for 'Interface'
  • [MT-1185] - ASA migration - failing when migrating crypto profiles

Improvement

  • [MT-1187] - Add "Mark as Fixed" button warning messages on Warning Tabs Editor Rules
  • [MT-1188] - HealthCheck. Check for installed versions
  • [MT-1189] - Spark. Upgrade to Spark 2.4.3 (ML and RE performance and feature improvements)
  • [MT-1190] - panReadOrders started. Create a script to automatically start panReadOrders agent

 

Version 1.1.31

Date 31/07/2019

Bug

  • [MT-1149] - ASA - not migrating NAT rules
  • [MT-1169] - CISCO. VPN - IKE gateway wrong interface if multiple "crypto map" entries are available
  • [MT-1170] - CISCO. VPN IPsec crypto profile - no unique name created
  • [MT-1174] - CSV NAT import: not all values for "interface" ingested
  • [MT-1176] - Policies editor: Do not show corrected warnings
  • [MT-1177] - CSV: added log twice, one with name and another empty
  • [MT-1181] - CSV Processing. Identify jobs that started more than 24h ago
  • [MT-1182] - Bug when Remapping Interfaces
  • [MT-1183] - App-ID adoption - timing out when requesting traffic logs

Task

  • [MT-1171] - UI: Connector, change order from Top

Improvement

  • [MT-1172] - ML: Provide network only for IPv4
  • [MT-1173] - ML Settings. Trim paths before saving new Path
  • [MT-1178] - Scheduled tasks. Check for scheduled tasks every 30 sec
  • [MT-1180] - CSV Processing. Provide feedback in bar

 

Version 1.1.30-h2

Date 24/07/2019

  • Temporarily Disabled: [MT-1158] - ML: Create advanced features to allow network import

 

Version 1.1.29-30

Date 24/07/2019

Bug

  • [MT-1099] - IronSkillet - reports are being incorrectly written to the wrong XPath
  • [MT-1119] - CSV: Service any when importing security rules
  • [MT-1133] - App-ID adoption with Panorama / Cortex
  • [MT-1148] - IronSkillet: Add variable INCLUDE_PAN_EDL
  • [MT-1151] - ASA Parser - new format managed from FMC (Firepower Mgmt Console)
  • [MT-1155] - CISCO. Firepower import fails
  • [MT-1064] - Ext.util.Event.getFireInfo(): No method named "onBeforeLoadReports"
  • [MT-1159] - ML - returning incorrect results – Time Frame Override cannot be cleared
  • [MT-1160] - UI: Convert Basic Event Binding to View Controller Event Binding
  • [MT-1161] - Ext.JSON.decode(): You are trying to decode an invalid JSON String: undefined
  • [MT-1162] - CISCO. Parsing users is not taken \ for group\user
  • [MT-1163] - ASA User-ID Mapping reslove missing "/"
  • [MT-1164] - UI: Window Download doesn't worked
  • [MT-1166] - CISCO. VPN – IKE crypto lifetime is not set correctly

Improvement

  • [MT-1156] - Scheduled log processing – add details to the status messages
  • [MT-1158] - ML: Create advanced features to allow network import

 

 

Version 1.1.28

Date 04/07/2019

Bug

  • [MT-1094] - IronSkillet templates - incorrect MGMT_IP in the XML config
  • [MT-1134] - Edit Project: When asigned devices, devices grid does not reload all devices
  • [MT-1142] - Checkpoint R80.10 parser - hanging on zone calculation for NAT rules. Method missing

Improvement

  • [MT-1145] - CSV Autoprocess. Reset last_execution time to allow re-execution
  • [MT-1146] - Expedition Installer. Verify Expedition user exists

 

Version 1.1.27

Date 04/07/2019

Bug

  • [MT-1047] - Rule Enrichment - Change the order when importing rules
  • [MT-1130] - Checkpoint R80.10/.20 - not importing security or nat policies
  • [MT-1139] - Checkpoint. R80 NAT service may load incorrectly
  • [MT-1140] - Filters. Address groups with 1 member misses some matches

New Feature

  • [MT-1121] - Bulk Change. Add Zone to all rules (as include)
  • [MT-1141] - Filters. Address objects not used in groups

Improvement

  • [MT-1132] - WebUI - Devices header wording change
  • [MT-1136] - Load Applications.xml. Protect against recursive-loop dependencies
  • [MT-1137] - Rule Enrichment. Improve performance by reducing number of queries

 

Version 1.1.26

Date 27/06/2019

Bug

  • [MT-1118] - Search and Replace - 'Remove' option fails when the DG selection is set to 'All'
  • [MT-1122] - ASA migration - add migration support for DM_INLINE service objects
  • [MT-1124] - Periodic CSV Process. Stops if one firewall does not have logs to process
  • [MT-1128] - Invalid policy names - length calculation needs to be adjusted for PAN-OS 8.x and 9.0

New Feature

  • [MT-1120] - Service import - check for valid destination port ranges
  • [MT-1129] - Policy merge - add the policy name of the merged policy into the description into the new policy

Improvement

  • [MT-1080] - Backup directory - limit to 20 snapshots
  • [MT-1127] - VM Setup. Script to setup Expedition on clean Ubuntu 16.04
  • [MT-1131] - Sec Merge. Improve performance

 

Version 1.1.25

Date 20/06/2019

Bug

  • [MT-1054] - Radius Server. Reports test connection errors as LDAP
  • [MT-1066] - SRX migration - custom service timeouts not being migrated
  • [MT-1111] - CSV Nat. Importing NAT rules misses to capture src and dst fields
  • [MT-1112] - UI: console log when edit services
  • [MT-1113] - CSV: delete the first columns mapping
  • [MT-1115] - CSV Service Import. Dport not loaded correctly
  • [MT-1116] - XML generation - removed LLDP profiles
  • [MT-1117] - XML generation - adding 'merged' tag into the incorrect XPath

 

Version 1.1.24

Date 12/06/2019

Bug

  • [MT-1087] - Web UI - multiple refreshes automatically after upgrade to 1.1.21
  • [MT-1091] - Interfaces: when edit lost IP Address
  • [MT-1092] - XML generation - failing to generate XML file
  • [MT-1095] - Interfaces: remove Link Settings from Vlan, Loopback and Tunnel
  • [MT-1096] - Interfaces Log Card/Decrypt Mirror: Import/Edit/Export
  • [MT-1098] - Interfaces: remove field Type from Vlan, Loopback and Tunnel
  • [MT-1103] - JOBS Listing. Include STARTED tasks in the view of pending
  • [MT-1104] - Spark Log. Create entry for RuleDistanceCalculator
  • [MT-1109] - CSV Summary. Perform the summary on HA device as well

Task

  • [MT-1106] - Script New Installation. Located in /var/www/html/OS/installation

Improvement

  • [MT-1100] - HealthCheck Jobs. Verify all the jobs are correctly reported
  • [MT-1101] - Device Reload. Force device reload on "reload", not on tab click
  • [MT-1102] - Snippet Reload. Force snippet reload on "reload", not on tab click

 

Version 1.1.23

Date 2/06/2019

Bug

  • [MT-1105] - GUI Logging loop. Control when backend does not report correctly a valid login.

 

Version 1.1.22

Date 30/05/2019

Bug

  • [MT-1050] - CISCO. upd www not created correctly (reported by R. Ouaini)

Improvement

  • [MT-571] - SPARK: ML_NewRules Reduce time and memory consumption
  • [MT-1006] - Devices - hide the API key's
  • [MT-1060] - ASA migration - migrate service 'domain' as TCP/UDP 53
  • [MT-1074] - Interfaces: Add PagingToolbar
  • [MT-1086] - Policies. Show again the "all" rules
  • [MT-1089] - Discovery Button: Make it all clickable
  • [MT-1093] - Spark CSV. Improve memory and disk usage for debug

 

Version 1.1.21

Date 27/05/2019

Bug

  • [MT-1036] - Rule Enrichment - App-ID being included in imported rules with 'Application' unchecked
  • [MT-1078] - CSV Import - Import of security policies not incrementing Rule ID's correctly

Improvement

  • [MT-1084] - CSV Autoprocess. Show current system time for autoprocess assistance
  • [MT-1085] - CSV rights. Script to modify CSV log rights to emable www-data delete the files

 

Version 1.1.20

Date 24/05/2019

Bug

  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly
  • [MT-1070] - Panorama: add on Interface Type: "Log Card", "Decrypt Mirror"
  • [MT-1075] - Predefined Filter “Duplicated Name” Not Worked as Expected

Improvement

  • [MT-1005] - CSV Import - services add field for source port
  • [MT-1071] - CSV Logs. Schedule log processing (autoprocessing)
  • [MT-1081] - HealthCheck Summary to fast spot healthcheck issues
  • [MT-1082] - HealthCheck. Verify Temp Data Structure rights
  • [MT-1083] - Spark. Separate temp data structure from parquet paths

 

Version 1.1.19

Date 16/05/2019

Bug

  • [MT-1001] - CSV import - do not allow Security policies to be imported into 'Shared'
  • [MT-1063] - XML Generation - Panorama Template - Interface mappings not migrating correctly

Improvement

  • [MT-1068] - CSV Parquet. Split CSV files into buckets based on available RAM. Reduce chances for memoryoverhead error

New Feature

  • [MT-1069] - environtmentParameters. Verify that all required parameters are defined via a healthcheck

 

Version 1.1.18

Date 13/05/2019

Bug

• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-1039] - Zone names - max characters is 31 - Expedition recognizes only up to 15
• [MT-1046] - WebUI - Filter for Address --> Type needs to be corrected
• [MT-1059] - Slow performance - when removing unused objects
• [MT-1065] - Filters: duplicated Name & Value on AddressGroups

Improvement

• [MT-858] - Usability improvement feature: Add status icon for Project exports
• [MT-1061] - Change "No rules configured" to "Select a vsys with rules"
• [MT-1067] - CSV Parquet. Use available RAM

 

 

Version 1.1.17

Date 06/05/2019

Bug

 

  • [MT-403] - CISCO. The field devicegroup shows "default" instead of filename
  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-961] - ScreenOS - service configs with multiple ports and protocols with SRC settings not migrating correctly
  • [MT-1048] - Dashboard - Disk Space message - updated Live Community link
  • [MT-1051] - TAG "merged" is used by objects but not exported to the XML
  • [MT-1052] - Edit Security Rules: add/edit tag change with id
  • [MT-1056] - Policy count reporting error. Vsys "all" will not display security rules.
  • [MT-1057] - WebUI - wording changes

Improvement

  • [MT-999] - Mark Checkpoint policies with a Warning when migrated from an action not set to allow or deny
  • [MT-1012] - UI wording change - Search and Replace - change 'VSYS' to 'VSYS / DG'

 

Version 1.1.16

Date 30/04/2019

Bug

• [MT-884] - Zones: on version 8, add type "Tunnel" and "External" on Panorama
• [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
• [MT-994] - Address merge - perform a precheck for Ghost objects. Do not let ghost objects to be merged
• [MT-1004] - Virtual Router - Route sorting not working
• [MT-1017] - Add LACP Port Priority on Interface when type is Aggregate Ethernet (reported by Luke)
• [MT-1027] - ASA migration - failing to complete the migration
• [MT-1029] - Add Tag Column on Grid Applications
• [MT-1030] - PAN-OS. Panoram read-only. Dont create it if max id is 0
• [MT-1031] - XML generation - <import> - importing unneeded interfaces causing commit to fail
• [MT-1032] - Checkpoint R80.20 - Address groups not being migrated
• [MT-1033] - Interfaces: update interfaces on other tables
• [MT-1042] - CSV. After read the content of a csv file go to PAGE1 by default.
• [MT-1043] - CISCO. Support for address-group security in ACLs
• [MT-1044] - Warning Logs from Address Groups

 

New Feature

• [MT-759] - Add TAGS to merged objects (address and services) and policies (security and NAT)
• [MT-849] - Add Tags to multiple address objects (multiedit)
• [MT-1026] - CSV Import - add option to delete lines


Improvement

• [MT-844] - API Key. Make the request in background
• [MT-864] - Export: Change to Job
• [MT-1010] - NAT policy export - add column and values for 'Translation Type'
• [MT-1013] - Add on Objects: selected item from right click on Menú options
• [MT-1016] - WebUI change - App-ID adoption
• [MT-1035] - Address. Improve performance to process address and address groups
• [MT-1037] - IronSkillet. Add templates for version 9.0
• [MT-1038] - Change report name - M.LEARNING Traffic report
• [MT-1045] - CSV. AutoMap Columns based on CSV Header

 

 

Version 1.1.15

Date 15/04/2019

Bug

  • [MT-892] - User-ID entry causing XML generation to fail or XML to be malrofmed
  • [MT-1007] - XML generation - inserting invalid tunnel interface configuration
  • [MT-1008] - App-Override - Transform App to Service is generation an incorrect timeout
  • [MT-1019] - Merge - cannot merge 'Log forwarding profile'
  • [MT-1020] - Service Merge. Error while merging two services

New Feature

  • [MT-759] - Add TAGS to merged objects and policies

Improvement

  • [MT-1014] - Increase height of the window that shows the results of the merge

 

Version 1.1.14

Date 12/04/2019

 

Bug

  • [MT-768] - Consolidate - do not mix and match rules with services and applications
  • [MT-1000] - Expedition Exporting Configuration with "read-only" (reported by Luke)

 

Version 1.1.13

Date 10/04/2019

Bug

  • [MT-757] - MERGE - issue found when setting unused object as primary for merge
  • [MT-937] - Web UI - Remove the "Register as Regions" button
  • [MT-942] - XML generation - orphan XML tag being added
  • [MT-953] - Rule merge all results
  • [MT-986] - WebUI - (Predefined) Nat noNAT not working correctly
  • [MT-998] - Web UI - graphic not rendering correctly
  • [MT-1009] - Expedition Cross Site Scripting in devices View (Description field)

Task

  • [MT-308] - Verify all scripts in /bin have the sessionControl.php

Improvement

  • [MT-975] - MULTI-EDIT - enable the 'Description' option
  • [MT-995] - Ghost object - replace the "/" in the name after transforming
  • [MT-996] - Wording change in UI

 

Version 1.1.11

Date 28/03/2019

Bug

  • [MT-947] - SRX migration - NAT rules not migrating Destination NAT rules correctly
  • [MT-958] - PROJECT. Prevent invalid names for Projects like "create" or "is"
  • [MT-964] - Dashboard. Calculate Ghost when source is not provided
  • [MT-966] - Dashboard. Invalid services do not consider groups with "any" inside
  • [MT-967] - CISCO. Creating service groups with tcp-udp services includes any service
  • [MT-968] - CISCO. Missing some implicit services due to being both tcp and udp
  • [MT-969] - Export to Excel: Nat rules, remove id) from name
  • [MT-972] - Save snapshot - not saving when the snapshot name has blank spaces

New Feature

  • [MT-917] - API Calls. Clear all API Calls.

Improvement

  • [MT-956] - Dashboard statistics - only calculate unused objects for the most recent imported configuration
  • [MT-957] - Dashboard statistics - add a counter for rules and objects with warnings
  • [MT-959] - Check Used Objects. Calculate objects only for the new source
  • [MT-976] - API Output manager - expand the 'search' to include the 'XML Content'
  • [MT-978] - Dashboard. Include address groups with invalid references

 

Version 1.1.10

Date 21/03/2019

Bug

  • [MT-819] - SRX file migration failed - due to Invalid XML
  • [MT-932] - SRX - NAT policies not migrating correctly
  • [MT-939] - Service override settings need correction in the XML and API output
  • [MT-940] - SRX - migration stalls at importing NAT policies
  • [MT-949] - XML generation is Invalid - Dash in the description causing the failure

New Feature

  • [MT-200] - Convert Long structures to BigInt to support IPv6
  • [MT-941] - SRX - migration support for double NAT configurations
  • [MT-946] - WebUI - add a global indicator for the Expedition agent status
  • [MT-948] - CSV Logs. Show logs per days summary

Task

  • [MT-952] - Update to Sencha 4.2.5

Improvement

  • [MT-501] - CHECKPOINT R80. Importing objects some are missing
  • [MT-781] - Allow importing of new configurations to be displayed and edited
  • [MT-871] - Add a message after merging configurations
  • [MT-936] - Add a search for Device-Group and Template selections

 

Version 1.1.7

Date 28/02/2019

Bug
   [MT-874] - ZONES: Delete a used zone is performed without a warning
   [MT-879] - Saved Rule Name with the character "*"
   [MT-880] - Filters doesn't search by the character "*"
   [MT-885] - Application object import - commas are causing new lines to be created
   [MT-886] - DEVICES page load timing out causing remote exception when hundreds
   [MT-887] - XML generation failing due to VLAN configured object
   [MT-888] - R80 import - Address group missing some members
   [MT-890] - IronSkillet - base config not passing admin credentials
   [MT-894] - Filter - not matching predefined keywords 'none'
   [MT-897] - Import Project: error when are two or more directories on folder
   [MT-898] - Checkpoint. Missing members in nested groups
   [MT-901] - Zones - incorrect zone being deleted by mistake

   [MT-902] - IronSkillet - 8.1 XML file not adding template
   [MT-903] - IronSkillet - not copying the MGMT IP information

   [MT-904] - IronSkillet - API Output manager is generating invalid API requests for deviceconfig
   [MT-905] - Spelling correction - Best practices section
   [MT-908] - XSS in Migration Tool
   [MT-909] - Import/Export Applications ident-by-icmp-type

Improvement
    [MT-877] - /boot out of space Added as Check from the Dashboard.
    [MT-891] - IronSkillet - Panorama config display enhancement
    [MT-907] - Fixed some Text Typos

 

Version 1.1.6

Date 14/02/2019

Improvement
   * [MT-828] - LogConnector: Provide information about used data sources
   * [MT-876] - Change width “Description” column for all Excel export

 

Version 1.1.5
Bug

    * [MT-866] - ScreenOS. Fails importing security rules with hidden chars
    * [MT-872] - ScreenOS: SNMP service incorrectly loaded
    * [MT-860] - Filters. “Starts with” does not filter correctly

Improvement
    * [MT-814] - Auto Zone Assigment: change title if nat or security policies
    * [MT-815] - Autozone: Bidirectional NATs are not correctly applied
    * [MT-863] - Allow reimporting a configuration with an existing name. Loaded with date suffix

 

Version 1.1.4

Date 02/05/2019

Bug

  • [MT-767] - Consolidate - do not include 'Deny' rules to consolidate if other rules are set to accept
  • [MT-811] - Cisco ASA migration - Auto Zone Assign not calculating the zones for Security rules correctly
  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule
  • [MT-820] - GlobalProtect configuration missing in Expedition tool
  • [MT-823] - Policy Filter in Expedition with option NOT IN NETWORK
  • [MT-826] - Services: override unexpected here. Discarding.
  • [MT-827] - Rule Enrichment: doesn't import correctly application-default
  • [MT-829] - Rule Enrichment: doesn't have save snapshot
  • [MT-834] - Export/Output: Disable override doesnt generated correctly
  • [MT-837] - Export/Output: services with protocol SCTP doesnt generated correctly
  • [MT-842] - LDAP. Authentication not working correctly
  • [MT-845] - Policy Filter with option NOT IN NETWORK doesn’t work
  • [MT-857] - SRX parser - not adding nested service groups
  • [MT-859] - Rule Enrichment: doesn't import correctly source/destination

 

New Feature

  • Under LDAP servers a new field has been added (account prefix)
  • Now Expedition calculates for all the rules if they are L7 or L4 only.
  • [MT-698] - New Predefined Filter. L4 and L7 Rules
  • [MT-850] - The Discovery window has been splitter in two windows one for ML and another one for Rule Enrichment
  • The ML and RE now supports IPv6 addresses within the logs
  • Expedition will verify if you have access to the logs folder for ML and RE
  • Runtime feedback added while RE and ML is running from the view.
  • [MT-812] - Update BPA Security Policies View with the new Fields
  • [MT-833] - ML: RE: Added Unknown applications to the Analysis
  • [MT-843] - UserRoles. Do not allow SuperUser to change own role
  • Expedition can import the same configuration name into the same project by automatically renaming them with the date-time at the end of the filename.

 

Version 1.1.2

Date 28/12/2018

Bug

  • [MT-813] - ver 1.1 - XML generation failing - due to PBF rule

Improvement

  • [MT-814] - Auto Zone Assigment: change  window title if its nat or security policies
  • [MT-815] - Autozone: Bidirectional NATs are not correctly applied

 

Version 1.1.1

Date 19/12/2018

Improvement

  • [MT-812] - Updated Best Practices. The Security Policies View. Updated the Grid Columns

Bug

  • IronSkillet. Version 1.1 didnt get all the components needed to run IronSkillet. Fixed in 1.1.1

 

 

Version 1.1

Date 14/12/2018

Bug

  • [MT-407] - Filtering by Nat zone TO doesn't work
  • [MT-597] - Output: Merge zones in the Template
  • [MT-599] - Consolidation: Check for duplicated profiles
  • [MT-602] - Bug with ML server export
  • [MT-604] - Device image models are not rendered correctly.
  • [MT-608] - Rule Enrichment: Add to Existing Rules
  • [MT-622] - FW: Latest Version of Expedition doesn't delete Service Objects
  • [MT-628] - Issue with Custom App-IDs in Expedition
  • [MT-634] - Truncate Names Rules Names/Description v.8.0
  • [MT-636] - ASA Config: Any in group to service
  • [MT-648] - Remote exception when filtering for unused address object groups
  • [MT-651] - New bug detected in 1.0.101 (Email) Duplicated Name, Filter
  • [MT-765] - Update name schedules/log forwarding/zones/monitor, selected ids from rules by source and vsys
  • [MT-766] - Log Forwarding / Schedule: if it's removed need to be removed from rules too.
  • [MT-800] - Tab Click on Policies does not render correctly
  • [MT-808] - Export: output. Remove new policies QoS, PBF, etc.

New Feature

  • [MT-424] - Add Filter Target and Set Add, Remove, Update target etc
  • [MT-600] - Add button Test on Servers
  • [MT-603] - New windows for Test Connection LDAP and Radius
  • [MT-618] - Address: Add Transform IPAddress to object
  • [MT-779] - Add Other Rules: check version 7

Task

  • [MT-792] - LDAP: remove admin from test window

Improvement

  • [MT-638] - Add Other Rules Import
  • [MT-650] - Add Other Rules: calculate used objects
  • [MT-728] - Unify the two menus of the objects (Address / Address Groups)
  • [MT-729] - Unify the two menus of the objects (Services / Services Groups)
  • [MT-734] - Settings - Servers - LDAP/RADIUS
  • Added Best Practices version 3.6.3
  • Added IronSkillet under Import -> Palo Alto

 

Hotfix 1.0.109

Date 10/12/2018

Bug

  • [MT-756] - PALOALTO. Some Url categories from PAN-DB are lost when Expedition imports a PAN-OS Configuration
  • [MT-795] - App-ID PDF Report. Fields with ANY are rendered with the previous value.
  • [MT-804] - Export: output, drag & drop shared response pages fails to merge with the Base Configuration
  • [MT-805] - Export: output API Calls doesn't generate GlobalProtect IPSec Crypto
  • [MT-806] - Export: output API Calls doesn't generate Tunnel Monitor from IPSec Tunnel

Improvement

  • [MT-475] - Reviewed support for VPN IPSec in PAN-OS version 8.1
  • [MT-797] - Data Analysis. Added support for Logs from PAN-OS 9.0.0 beta
  • [MT-798] - Rule ML: Verify if parquet folders exist before execute the analysis
  • [MT-799] - Rule ML: Define default input and output folders
  • [MT-801] - STONESOFT: Load template NAT rules
  • [MT-802] - STONESOFT: Multiple services in NAT rules not loaded

 

Hotfix 1.0.108

Date 30/11/2018

Bug

  • [MT-744] - Reviewed Consolidation Issues: sometime the zones are lost.
  • [MT-748] - Enable or Disable from menu: add/delete Target when is Panorama
  • [MT-760] - Import Palo Alto: Monitor Profile empty action, interval and threshold
  • [MT-763] - Filters by Tag: doesn't work "not contain" and "not equal"
  • [MT-769] - External List: if is removed, Was not removed from rules.
  • [MT-772] - CISCO: ASA migration enhancement request: service as null
  • [MT-773] - Filters: doesnt work negated filters (not equal, not contains)
  • [MT-774] - Add Prefix. Affects to predefined Objects like application-default
  • [MT-775] - Export: output duplicated predefined objects to shared
  • [MT-778] - Export: output API Output Manager doesnt load devices
  • [MT-788] - Dynamic Address Groups, Add TAGs to export as Excel.
  • [MT-789] - Known Applications: create rule: Icons Source/Destination are not rendered correctly
  • [MT-790] - App-ID Reconciliation Reviewed.

Task

  • [MT-787] - LDAP: Test change method from GET to POST

Improvement

  • [MT-753] - Add options from Rule Action to Bulk Changes on Appoverride Rule's Menu
  • [MT-754] - CSV Import. Static Routes. Rewording Gateway by NextHop
  • [MT-755] - CSV Import. Static Routes. If interface is set and NextHop too add both
  • [MT-783] - Query the summary logs for log analysis. App-ID now can query summary database instead the raw log.

 

Hotfix 1.0.106

Date 10/01/2018

Fixes

  • [MT-677] - CHECKPOINT. Add Target to NAT Rules
  • [MT-678] - CHECKPOINT. Read Headers for NAT as we do for Security
  • [MT-683] - CHECKPOINT. Negated Services in Rule
  • [MT-684] - Activate Rule Actions via rightclick (Nat)
  • [MT-692] - Combine rules from Main Menu
  • [MT-695] - Remapping Interfaces on a PAN-OS configuration added interface in source nat.
  • [MT-708] - SRX. Interfaces not imported due to single quotes in comments
  • [MT-709] - Objects. Address and Groups View. Tag is not shown correctly
  • [MT-713] - Fix duplicated rule name with the maximum name length according to the version

Improvements

  • [MT-686] - Unify the two menus of the rules (Nat)
  • [MT-688] - Add Option "Select All Rules"
  • [MT-691] - Menu Nat rules: set "selection" or "all rules" from all options
  • [MT-717] - STONESOFT. Added support for multiple policy jumps

 

Hotfix 1.0.105

Date 09/19/2018

Fixes

  • [MT-263] - Activate ML/RE rules via rightclick without clicking firs with the left button.
  • [MT-676] - MultiEdit changed parameters from GET to POST
  • [MT-679] - Activate Set as Primary objects via rightclick without clicking firs with the left button.
  • [MT-680] - Activate Rule Actions via rightclick (Security) without clicking firs with the left button.
  • [MT-681] - CombineSecurity rules from Main Menu was not working properly
  • [MT-682] - CISCO. The function addPrefixSuffix was removed. Added again to avoid import crash if IPSsec tunnels defined.
  • [MT-685] - Activate Rule Actions via rightclick (Application Override) without clicking firs with the left button.
  • [MT-689] - STONESOFT. Some member groups where created as duplicated objects because the naming
  • [MT-693] - STONESOFT. Address differenciate between IPv4 and IPv6
  • [MT-705] - Add "Case Sensitive" on Menu option: "Search&Replace"
  • [MT-706] - Export: Source configuration: missing Applications Groups

New Features

  • [MT-360] - Improve Rule Search to include "by ID" in the search not just by name
  • [MT-701] - Rule Menus: Added option "All Rules" to "Add Serial" to all the selection

Improvements

  • [MT-86] - Output: Drop Apps into Shared: AppGroups where not moved properly
  • [MT-519] - Join the two menus of the rules (Security)
  • [MT-613] - Add Filter: (Predefined) Rules with Users
  • [MT-687] - Join the two menus of the rules (Application Override)
  • [MT-700] - STONESOFT. Use Objects in Memory for speed up migrations
  • [MT-704] - Search & Replace: add Id] on grid "Replace"

 

Hotfix 1.0.104

Date 09/03/2018

Fixes

  • [MT-633] - Virtual Routes: edit static routes doesnt oder by column

  • [MT-667] - Consolidations/Merge Nats

  • [MT-668] - MERGE Objects. The Descriptions are appended even they are equal

  • [MT-669] - Error JavaScript ServerProxy store Translation Type on Nat Editor

  • [MT-672] - Remote exception when filtering for unused when clicked on Dashboard

  • [MT-673] - Cloned Rule Nat

  • [MT-674] - STONESOFT. Cidr from objects are not imported

  • [MT-675] - STONESOFT. After GroupMember2IdAddress_improved new dummy objects were created

New Functions

  • [MT-577] - Project Import. Verify the size of the file is smaller than MAX
  • [MT-670] - Filters Nat/App override Policies: Add filter with Target

 

Hotfix 1.0.103

Date 08/28/2018

Fixes

  • [MT-654] - Tools: cloned rule exceeds the max lenght.
  • [MT-661] - Merge by value. Descriptions were incorrectly merged between objects.
  • [MT-663] - Missing options to calculate invalid services
  • [MT-666] - Rule Enrichment is not importing discovered rules

New Functions

  • [MT-662] - SNIPPETS. Add new type SPYWARE

 

Hotfix 1.0.92

Date 06/22/2018

Fixes

  • Output generation was broken if non utf characters or "&" were found in the description fields. 

New Functions

  • Stonesoft: Added support for refuse action to be mapped with reset-both instead of drop

 

Hotfix 1.0.91

Date 06/21/2018

Fixes

  • Cisco Nats: Improved the support for object nats.

New Functions

  • Added Best Practices version 3.0.6
  • After the Update you have to run an script to update to python36
      sudo bash /var/www/html/OS/BPA/updateBPA306.sh

 


 

L0 Member

Hi , I ma migrating checkpoint firewall configuration to Palo alto using expedition tool version 1.1.82.2. after importing checkpoint configuration on expedition tool I am not getting zones in security policy rule while it zone showing in NAT rule.

Rest all configuration are correct for us.

 

Please help us to resolve the zone issue on security policy.

L1 Bithead

Kindly i need a link to download Expedition tool 1.1.82 OR 1.1.62 for vmware.

 

Thanks in advance.

  • 75169 Views
  • 13 comments
  • 1 Likes
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎03-09-2021 12:40 AM
Updated by: