Expedition Release Notes
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Version 1.2.99 (Date November 13, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.99.all.deb sha1sum 1ec9e675f72b0ee07d76ee56c1df3acb1e81fd76 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.99.all.deb; sudo dpkg -i expedition_1.2.99.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool updates: Autozone Enhancement: We have introduced support to incorporate all zones when multiple static routes are available for the same destination. This enhancement provides improved auto zoning capabilities and ensures efficient traffic management across different zones. URL Category Pagination Issue: We have resolved an issue related to paginating URL categories when there are more than 25 records. Users can now seamlessly navigate through and manage larger sets of URL categories without any disruption.
View full article
Version 1.2.98 (Date November 8, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.98.all.deb sha1sum 575d8dd9db46060e0f3724289b414c4e320cfb0c apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.98.all.deb; sudo dpkg -i expedition_1.2.98.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool Updates: Fixed issue with push to device call not using the HTTP HEADER to add the api_key. Enabled adding the tag log-setting on decryption rules when serializing the output. Resolved CSRF token issue when Expedition is behind a proxy and the proxy rewrites the default csrftoken attribute. Fixed the pre-defined filter "duplicate name and value" for address groups. Allowing all types of characters to be included in the password when integrating login with LDAP or Radius. Fixed issue with Autozone in Security rules not using the post NAT zone. Resolved NAT Rules display issue where matched Security Rules were not showing when DNAT is dynamic destination with load balancing. Fixed XML save issue when managing URL Categories.
View full article
Version 1.2.97 (Date October 18, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.97.all.deb sha1sum 2f40b23225a7cff39c085dea60e1ad107d3caff6 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.97.all.deb; sudo dpkg -i expedition_1.2.97.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool Updates: Fixed issues with filters on NAT policies. All fields now work fine with contains and not contains operators. Resolved the issue of not being able to add a device into a project. Improved handling of false positive health checker dependencies. Enhanced LDAP connection error handling. Zones are now properly exported in the XML or set commands when migrating to a firewall. CISCO Parser: Fixed CISCO NAT rules. Expedition was creating a not required Inbound NAT rule.
View full article
Version 1.2.96 (Date October 2, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.96.all.deb sha1sum ce16eb4caf442468dea0ec81ee5ec21ac31a0a4b apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.96.all.deb; sudo dpkg -i expedition_1.2.96.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool Updates: Code refactoring: The latest version includes significant code refactoring to improve code quality, maintainability, and performance. Rectified bugs introduced in the previous version: This release addresses and fixes the bugs that were inadvertently introduced in the previous version, ensuring a more stable and reliable application.
View full article
Version 1.2.95 (Date September 18, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.95.all.deb sha1sum d58c1d9058aab454c80b6e7f9ea6febbd14665b3 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.95.all.deb; sudo dpkg -i expedition_1.2.95.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool Updates: Resolved issue preventing ML logs processing on fresh installations. Rectified bugs introduced in the previous version. Applied changes to Apache2 configurations. User Experience (UX) Improvements: Fixed a bug in the Security Policies grid that was displaying tag IDs instead of values.  
View full article
Version 1.2.94 (Date September 3, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.94.all.deb sha1sum c8b335e3670e034e2bab1c0571ccf88226475eb2 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.94.all.deb; sudo dpkg -i expedition_1.2.94.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Fortinet: Fixed PHP warnings in the following scenarios: When the policy does not contain any "config firewall vip" with portforward disabled. When regions are used in security rule but not in both source and destination. Addresses in Fortinet not defined as any type or with dynamic type are now migrated with an issue associated and available in Log Monitor. Added a Log Monitor when reading a security rule using application-list. Fixed an issue where Expedition was creating duplicated service objects. PANOS: Added support to read the "tagging" XML attribute for application-filters entity. CISCO: Addressed issues when reading ipv6 network-objects defined in object-group, ensuring Expedition does not create an empty group and correctly handles the ip version and cidr of the network defined in the network-object. Tool: Truncated the merged resulting security rule description to 1024 characters after merging 2 or more rules. Updated the XML file export to ensure the service protocol tcp/udp is always in lowercase. Implemented a new script to get hit_counts from specific rules instead of requesting hits for all of them. Device Management / PANOS Integration: Updated the authentication method when integrating with a device. API integrations uses now a custom header.  
View full article
Version 1.2.93 (Date July 16, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.93.all.deb sha1sum 6d244d3915557d23c8ff1682c51bdebd8f9c2341 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.93.all.deb; sudo dpkg -i expedition_1.2.93.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool: Fixed issue where UX - Policies bulk zone removal doesn't work when selecting All. Fixed ML/RE issue where "After action" delete or compress was not working for FW logs using serialHA. Cisco: Expedition now adds service members to service groups even if they don't fit the protocol, marking the service group as invalid for easy search and replace. Expedition now handles error reading rule-lid for FWD containing IPv6 address, ensuring access-lists work properly. Fortinet: Improved parsing of multiline comments for address group, address object, and services object. Stonesoft: Expedition now creates all rules defined on the jump policy definition and matches source/destination addresses correctly. Expedition creates rules even if they do not match, marking them as disabled and attaching a warning for customer review. Checkpoint R81: Expedition now creates URL categories for dns-domains with is_sub_domain flag as true, and attaches warnings to affected security rules. URL categories are available for export, and filters show security rules with warnings for cases where a sec rule needs to use an url-category.  
View full article
Version 1.2.92 (Date June 12, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.92.all.deb sha1sum f13c4617487c5ae2e4abf8bc207b9dd1aeaefafe apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.92.all.deb; sudo dpkg -i expedition_1.2.92.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. TOOL: Resolved issue with auto zone assignment to prevent inclusion of non-NATed "to" zone when all destination objects in the security rule match a DNAT rule. Updated the script to address CVE-2024-5910. Enhancements to the upgrade script have been made to address various issues and improve overall functionality.
View full article
Version 1.2.91 (Date June 4, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.91.all.deb sha1sum 5f55aa843cb9a26d811e810a145f8f6c5f446d81 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.91.all.deb; sudo dpkg -i expedition_1.2.91.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. FORTINET: Adding logic so security rule multiline comments are added to sec rules descriptions. Fix a bug so if a security rule new line comment starts with End the parser does not stops reading the security rule. Improved parsing of services that contain tcp-portrange or udp-portrange with multiple ports. Expedition now creates a separate service for each port and adds them to a service group with the name of the original Fortinet service. This includes considering the source and destination ports and ensuring that duplicate services are not created. TOOL: UI. Removed static routes filter when loading the static routes store. Addressed the issue with Merge address object that was preventing the replacement of merged objects on all instances.
View full article
Update May 26, 2024: Generating a patch due to a bug on 1.2.90 Version 1.2.90.1 (Date May 26, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.90.1.all.deb sha1sum 2587a28972528ac2d01c06988c50172b40a72c00 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.90.1.all.deb; sudo dpkg -i expedition_1.2.90.1.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. FORTINET: Improved handling of syntax when reading config firewall service custom tcp-portrange and udp-portrange, properly identifying the destination and source port. INSTALLER: Added support for ARM architecture when creating the debian package. TOOL: Added MYSQL custom settings to enhance performance for large configurations and projects.
View full article
Version 1.2.89 (Date May 16, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.89.all.deb sha1sum f5e42557e89d3b0b006218463d38ef6ecc341bd8 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.89.all.deb; sudo dpkg -i expedition_1.2.89.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Fortinet 1) Improved Expedition to create default zones based on zones used in security rules and interfaces, without overlap. 2) Made minor changes to prevent PHP warnings caused by type mismatches or missing keys. 3) Enhanced Expedition to properly create NAT rules when reading VIPs with FQDN NAT, including support for the mapped-addr attribute.   Stonesoft 1) Resolved issue allowing customers to directly upload zip files. 2) Implemented logic to handle scenarios where an undefined address object is used, creating the object with the identified network value and including an error for verification.   Tool 1) Added syslog configuration examples with filtering for TRAFFIC logs. 2) Updated Expedition versions panel on the dashboard to include a refresh option. 3) Fixed query on the dashboard to skip default services when identifying invalid services. 4) Added utility script to split log files containing both SYSTEM and TRAFFIC logs into separate files with only TRAFFIC logs. 5) Improved security by changing the execution method of PHP's mysql and mysqldump commands to avoid passing credentials in plain text.
View full article
Version 1.2.88 (Date May 8, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.88.all.deb sha1sum 8571db7157317471a2745a8ff0eba229322b0446 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.88.all.deb; sudo dpkg -i expedition_1.2.88.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. CISCO: CISCO NATs (source static A A' destination static B B') have been updated to use separate outbound and inbound NAT rules instead of a bidirectional rule. This change aims to improve the accuracy of the migration from CISCO behavior and prevent the inbound rule from having a source address of ANY. You can find more information about this change in the following reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWBCA0
View full article
Version 1.2.87 (Date April 25, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb sha1sum 3000ff8ca1bea84096e960aac059f277b8a7935c apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.87.all.deb; sudo dpkg -i expedition_1.2.87.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool: Rule Merge: Prevents merging of rules with "url_category" set to both "any" and a specific value. Fixed UI issue displaying assigned logs/warnings for addresses in the warning tab. Improved UI to show NAT matched security rules. Optimized grouping of members in a group with over 500 members for better performance. Added new filter to identify not_ghost_objects for easier duplicate detection. Updated filters to include services with port >=65535 and invalid addresses in the invalid filters. Added script sample to replace rule names with descriptions (/var/www/html/Os/scripts/renameSecurityRule.php). Added script sample to create JSON or CSV file containing objects from a security rule (/var/www/html/Os/scripts/get_objects_from_rules.php). Installer: Fixed Erlang repository to support versions > 25. Corrected command to add Expedition to www-data group. Parsers:   FORTINET Enhanced monitor/log to display more information during migration. Resolved issue with creating services that start with "-". Log now appears in the warning tab for easier access when viewing NAT rules. When reading an FQDN with * (Reference used to implement this change: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRfCAK) 1) Create an FQDN without the * with a log error 2) Show the FQDN as invalid in the filters. CISCO Added warning for crypto maps without defined gateway (peer). Identified and marked services not properly recognized in CISCO configuration and attached corresponding error for display in the warning tab. Improved NAT rules logic to auto create inbound rules instead of bidirectional ones when applicable. DNAT ports are only added if no translation is detected. CHECKPOINT Fixed issue with static routes mapped to bond interfaces ending with 0. Enhanced monitor/log to provide more information when reading FQDNs with "*". PALOALTO Resolved PHP warnings during configuration import.
View full article
Version 1.2.86 (Date March 26, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.86.all.deb sha1sum e5cc37f940cef7cb782725d92b64a4b67e3fc3c1 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.86.all.deb; sudo dpkg -i expedition_1.2.86.all.deb; CHANGELOG Fixing below Bugs. These updates and fixes aim to improve the performance and functionality of the tool and parsers. Tool: API on PANOS 10.2.5 now functions correctly as the issue with single quotes in xpath has been resolved. Refactored merged rules feature with added logic to consider schedules and security profiles attributes. Updated installation script to address issues with rabbitmq-server installation and repository key prompts. Also, fixed Python installation script to support different Python versions without causing disruption. Note: To resolve any python library issue, please execute the script located at /var/www/html/OS/BPA/updateBPA306.sh. It will install python 3.7 but maintain python 3.8 as the default one for the Ubuntu OS. Parsers: Stonesoft FW and policy names with single quotes are now sanitized to prevent Expedition crashes, ensuring proper storage in the database and UI display, as well as accurate comparison when loading XML. Removed debugging printing in PALOALTO parser to eliminate PHP warning. Implemented a function to create new groups with a defined number of addresses and added it to all parsers to avoid reaching the maximum number of members in groups. Enhanced CISCO parser to address issues related to NAT rules and zone definitions, ensuring correct matching of security rules with corresponding NAT rules.  
View full article
Version 1.2.85 (Date February 21, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.85.all.deb sha1sum bec556485dc2d1815654e16130247526de2e81aa apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.85.all.deb; sudo dpkg -i expedition_1.2.85.all.deb; CHANGELOG Fixing below Bugs: Merge Sec rules feature: We have added logic to consider the attributes "schedules" and "security profiles" when merging security rules. ML/RE feature: Resolved a bug that was causing the duplication of the "M.Learning" tag for imported objects (security rules, addresses, services, etc.) during the ML/RE process. This issue has been fixed. CHECKPOINT R80+: Fixed a bug that was not properly taking into account the negate source or destination on sub-policies (inline). Now, when reading a child rule, if it has "any" as the source or destination, it will correctly consider the defined parent source or destination, including any negations. However, if the child rule specifies a specific source or destination, Expedition will keep them unchanged. Additionally, we have added a note to indicate that the parent rule had a "negate" source or destination. STONESOFT: Addressed issues related to uploading a zip file containing non-XML files. Previously, the validation of XML files was storing errors for all files, not just the one being processed. We have now implemented a clean-up mechanism to ensure that only errors relevant to the processed file are stored. SRX: Fixed a bug in reading SRX NAT rules, ensuring the proper migration of destination addresses. BPA not working: Fixed the installer and script to install the necessary dependencies for BPA (Best Practice Assessment). To resolve this issue, please execute the script located at /var/www/html/OS/BPA/updateBPA306.sh.
View full article
Version 1.2.84 (Date January 29, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.84.all.deb sha1sum 2cfd97e7c06ce6bd1a0b4623695a4f8d0d0c7ab5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.84.all.deb; sudo dpkg -i expedition_1.2.84.all.deb; CHANGELOG Fixing below Bugs: Checkpoint R77 Fixing conversion for address groups migrated as 1.1.1.1 Fortinet. Added support for below ipv6 Fortinet tags: vip6: address object vipgrp6: address group object addrgrp6: address group object static6: static route Checkpoint R81.  Adding more information into the monitor tab when migrating Checkpoint security rules using application-site objects.  Currently the original application-site name is included in the warning so it can be easily replaced by an url-category or AppId. Reverted from last version that all checkpoint host are created with cidr 32.
View full article
Version 1.2.83 (Date January 09, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.83.all.deb sha1sum 26fd5f16a1acd5fc863a49b45d10cbc43b5d05ee apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.83.all.deb; sudo dpkg -i expedition_1.2.83.all.deb; CHANGELOG Fixing below Bugs: MT-2739 - Checkpoint R80+. Fixed below bugs: 1) Avoid creating duplicated members on exclusion group addresses. 2) Checked the length for the address group name created when reading fqdn/dns-domain objects. 3) Checked the method isAinB. 4) Checked the DNAT logic to avoid creating shadowed rules.
View full article
Version 1.2.82 (Date January 05, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.82.all.deb sha1sum c1ae806e4376616f4b9fabade7097c7bfc256606 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.82.all.deb; sudo dpkg -i expedition_1.2.82.all.deb; CHANGELOG Fixing below Bugs: MT-2741 - CISCO. Fixed below bugs: 1) Adding support for alias being used as subnets in address-group definition. i.e: names name 10.1.1.0 SC_BCN object-group network SITE_BCN network-object SC_BCN 255.255.255.128   MT-2739 - Checkpoint R80+. Fixed below bugs: 1) Address group defined as exclusion group but without exception members. Added a fix so the group is now managed as any other exclusion group, getting as result members typed as range IP. 2) Added a log/monitor for NAT rules with DAT type static but using as DAT address an address-group. 3) When applying DNAT logic avoid creating shadow rules. Instead applying below logic: Check if current Security Rules matches the NAT rule, if so add a warning to trace it to the specific NAT rule and the DNAT tag as well. Check if cloned security rules from an specific security rule can be merged by destination and service. Check and make sure the cloned security rules contain the required "to" zones based on destinations. 4) Refactor on internal functions to compare if a list of objects is included in another list of objects (isAinB and isAinBservice).   MT-2728 - Checkpoint R77 - Fixed below bugs: 1) Fixing bug when reading ipv6 addresses.   MT-2742 - Screenos - Fixed below bugs: 1) Fixing bug for Screenos to manage Global zone as any 2) Fixing bug for Screenos managing static routes in ipv6 syntax
View full article
Version 1.2.81 (Date November 29, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.81.all.deb sha1sum 34c17d2a70d8b8b765f9266dd41a1a5dbbd58538 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.81.all.deb; sudo dpkg -i expedition_1.2.81.all.deb; CHANGELOG Fixing below Bugs: MT-2705 - Fixing on API Manager to show all API calls status (issue identified quick calls).
View full article
Version 1.2.80 (Date November 28, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.80.all.deb sha1sum b94d4f1808cd33983b8dc1bb8be0c0ea3d65a416 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.80.all.deb; sudo dpkg -i expedition_1.2.80.all.deb; CHANGELOG Fixing below Bugs: MT-2705 - Making sure the API Calls work with all current PANOS versions. MT-2736 - ML-RE - Log Analyser bug fixing - reading files with spaces on the name. Adding proper error message   Checkpoint R80+ bug fixing:   MT-2715 - Domain objects to FQDN objects migration bug fixing: 1. Avoid creating duplicated FQDN. 2. Support for .*. Domain objects. 3. Avoid creating FQDN address and address group with same names.   MT-2734 - When migrating Checkpoint Global Domain Access Layer, Expedition is creating a dedicated vsys for the access layer with policies and network objects. Instead policies should be created at the shared vsys and network objects on the main vsys. Also added logic so policies on shared are available on the Export drag and drop tree.   SCREENOS bug fixing: MT-2735 - VR was not containing all assigned interfaces.
View full article
Version 1.2.79 (Date November 05, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.79.all.deb sha1sum 5129ad210ce5f0ffe28337ddb51b2c8faec8f4b5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.79.all.deb; sudo dpkg -i expedition_1.2.79.all.deb; CHANGELOG Fixing below Bugs: MT-2733 - Checkpoint issues: 1) FQDN are created twice. With correct URL and with 1.1.1.1 value. Also some FDQN are created invalid starting with ".." or www.www. 2) Security rules created after fixing the destination based on matching NAT rule contains the from zone coming from the NAT rule instead of the original security rule.
View full article
Version 1.2.78 (Date October 26, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.78.all.deb sha1sum 612841019586bc13d4fcf4edbd369538bed82c87 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.78.all.deb; sudo dpkg -i expedition_1.2.78.all.deb; CHANGELOG Fixing below Bugs: MT-2727 - Capability to export Source and Destination regions while getting the proposed rules after executing ML analysis. MT-2726 - Fortinet issues fixed/improving: UDP services not taking properly the portrange Support for ipv6 address as src or dst in security rules
View full article
Version 1.2.77 (Date October 19, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.77.all.deb sha1sum 8cb97dcb3aea9f65547c01205e50e09e2d4cbf31 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.77.all.deb; sudo dpkg -i expedition_1.2.77.all.deb; CHANGELOG Fixing below Bugs: MT-2719 - Revert tuning on the query to set as used objects with the same name to make it compatible with all Mysql versions. MT-2725 - Fortinet - When reading static routes on a Fortinet configuration the static route is not created with the proper value of ip version. That cause that the static route is not added into the PANOS XML / neither the API calls.
View full article
Version 1.2.76 (Date October 17, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.76.all.deb sha1sum 36ff8cfa861f4c5a83b414dd7f82363fdd0b0dce apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.76.all.deb; sudo dpkg -i expedition_1.2.76.all.deb; CHANGELOG Fixing below Bugs: MT-2724 - Checkpoint R80+ issues: 1) When checkpoint is including more than one policy, network information is not properly generated to the main vsys 2) Application policy is not created disabled (global disable) 3) Nested address_groups defined as checkpoint type "checkpoint-host" are not properly created.
View full article
Version 1.2.75 (Date October 12, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.75.all.deb sha1sum 22614db56cb39826647142b88a6e8fd0c37dcd65 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.75.all.deb; sudo dpkg -i expedition_1.2.75.all.deb; CHANGELOG Fixing below Bugs: MT-2720 - CISCO issues: Fixed an issue where Expedition was disabling rules that should not be disabled. Specifically, when reading a rule that had log disabled, Expedition was disabling the rule when the disable was applying to the log feature but not to the rule itself.   MT-2719 - MT-2723 - Fortinet issues:   Fixed an issue where Expedition was adding itself as a member when creating default service groups. Fixed an issue where the default services IKE and MS-SQL did not have a proper predefined protocol. Tuned the query to calculate used objects with the same name. Refactored to get the service ports separated by spaces, e.g. set tcp-portrange 88 464. Extended the parser dictionary when reading interfaces. On named VDOM configuration, created the virtual system with the named VDOM (line: vd_name=VdomName).   MT-2721 - SRX issues:   Added support for IPv6 when migrating interface addresses. On multivsys configurations, loaded default Junos applications into the shared VSYS and ensured they were used while reading the application field in the security rules.   MT-2722 - Stonesoft issues:   Fixed an issue where interfaces defined on a cluster were not properly read. Enlarged the exclusion field on the address_group_id table to 8000 bytes. Note that creating a new project is required in order to apply this patch.
View full article
Version 1.2.74 (Date September 29, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.74.all.deb sha1sum 907eee1152e56d53412247e3e6a8fc0629120d24 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.74.all.deb; sudo dpkg -i expedition_1.2.74.all.deb; CHANGELOG Fixing below Bugs: MT-2704: FW/Panorama API. Submit bulk creation in one API call  This particular version includes support for making bulk changes to objects and rules, including security and NAT rules. Please note, when you’re sending rules using the bulk change, all rules will be added to the bottom of the defined vsys/DG. Afterward, you will need to rearrange them either on FW/Panorama or by selecting the correct “order” calls in Expedition. Unfortunately, move operations cannot be included in the bulk change. MT-2712: Support up to ethernet1/44 interfaces for PA 5400 and PA 7000
View full article
Version 1.2.73 (Date September 25, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.73.all.deb sha1sum 6103b49d360a26d24f440362fac440b43f904815 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.73.all.deb; sudo dpkg -i expedition_1.2.73.all.deb; CHANGELOG Fixing below Bugs: MT-2700: STONESOFT parser fixes/improvements: Fixing issue with security rules defining address_match objects as source or destination. Fixing issue to make sure the defined (override) zone on a security rule is used after the translation. MT-2628 | MT-2702 | MT-2709 | MT-2707 - Fortinet parser fixes/improvements: On multi vdoms - making sure the translated security rules are assigned to each defined vdom. On multi vdoms - making sure the objects are created properly and assigned to each defined vdom, avoiding creating invalid duplicated objects. Adding support to read "srcaddr4" and "dstaddr4" as valid commands while translating a security rule. For command "config firewall service custom": set tcp-portrange 8080-8090:0-65535 - make sure the src and dst ports are properly translated. create service group and include TCP and UDP ports from below example: edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 Create UDP service with defined port from below example edit "service.udp.111" set udp-portrange 111 Create TCP service with defined port from below example edit "service.tcp.112" set tcp-portrange 112
View full article
Version 1.2.72 (Date September 9, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.72.all.deb sha1sum bb598b2f93e0651b2f948cde69dce48ea168e40d apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.72.all.deb; sudo dpkg -i expedition_1.2.72.all.deb; CHANGELOG Fixing below Bugs: MT-2692 | MT-2699 - CISCO parser fixes: Being sure we are not including the description of another access-list when after a remark from an access-group does not contain an extended rule. NAT fixing for migrated twice nat. Currently Expedition is creating them as static-ip and with the interface address, instead with the fix the NAT rules are created as dynamic-ip-and-port assigned to the interface. Refactor on internal method to compare address objects. Fixing creating bidirectional NAT rules when they need to be unidirectional. Fixing method to correct security rule service when they are matched with a NAT rule containing any translated service. Comments now allow more special characters.
View full article
Version 1.2.71 (Date August 11, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.71.all.deb sha1sum 2e66a2ca6b3cb5030dfe41af22d50624d1d853d5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.71.all.deb; sudo dpkg -i expedition_1.2.71.all.deb; CHANGELOG Fixing below Bugs: MT-2691 - Checkpoint R80+. Avoid creating a dedicated vsys to store the objects MT-2694 - Checkpoint R80+. Static routes not assigned properly to bond/ae interfaces
View full article
Version 1.2.70 (Date August 4, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.70.all.deb sha1sum df87d6ef9565ad3a13363fdb50beaba93652a950 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.70.all.deb; sudo dpkg -i expedition_1.2.70.all.deb; CHANGELOG Fixing below Bugs: (Refinement) MT-2683 - CISCO - When reading remark section on an access-list Expedition is removing characters: < and >. (Refinement) MT-2684 - CISCO - Source NAT migrated as "dynamic ip" when it should be "dynamic ip and port".
View full article
  • 123 Posts
  • 276 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors