Expedition Release Notes
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Version 1.2.69 (Date July 28, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.69.all.deb sha1sum 7dcfdb7a29fad125406cbe1bd80f640d96a36580 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.69.all.deb; sudo dpkg -i expedition_1.2.69.all.deb; CHANGELOG Fixing below Bugs: MT-2678 - CISCO - DNAT Security rule destination port issue fixed. MT-2683 - CISCO - When reading remark section on an access-list Expedition is removing characters: # and '. MT-2684 - CISCO - Source NAT migrated as "dynamic ip" when it should be "dynamic ip and port". MT-2680 - Checkpoint R77 support for users on Security Rules defined in checkpoint inside the source section as "identity_roles" field. MT-2685 - UI - Support for multiline in Security Rules description.
View full article
Version 1.2.68 (Date July 21, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.68.all.deb sha1sum 816f9c589fdae642737a8a627f0c468433a7f2f4 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.68.all.deb; sudo dpkg -i expedition_1.2.68.all.deb; CHANGELOG Fixing below Bugs: MT-2681 CISCO - When reading remark section on an access-list Expedition is removing characters: '@' and '|'. MT-2679 PANOS parser is not reading source-hip if it is not previously declared in the config. MT-2677 Fixing errors while generating sub-atomic API calls.
View full article
Version 1.2.67 (Date July 18, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.67.all.deb sha1sum b3e98be950a269754834b747da100909fb4f9a41 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.67.all.deb; sudo dpkg -i expedition_1.2.67.all.deb; CHANGELOG Fixing below Bugs: MT-2673 - Issues with Splunk: 1) Fixing issue introduced on version 1.2.65. 2) Improving print results while downloading Splunk files.
View full article
Version 1.2.66 (Date July 18, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.66.all.deb sha1sum fa6c79d610fc392b199dd14755a0aaad7af19edb apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.66.all.deb; sudo dpkg -i expedition_1.2.66.all.deb; CHANGELOG Fixing below Bugs: MT-2676: UI issue - Security Rule target is not showing the FW and vsys properly: 1) When target FW is negated it is not shown strikethrough. 2) Target FW only shows one vsys, not all vsys assigned to the target FW.   3) Cloning a Security rule is not cloning the target FW
View full article
Version 1.2.65 (Date July 17, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.65.all.deb sha1sum 454ff2df33ae41fb6929d53648e9d5e733b01b4d apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.65.all.deb; sudo dpkg -i expedition_1.2.65.all.deb; CHANGELOG Fixing below Bugs: MT-2676: UI issue - Security Rule target is not showing the FW and vsys properly: 1) When target FW is negated it is not shown strikethrough. 2) Target FW only shows one vsys, not all vsys assigned to the target FW.   MT-2673 - Issues with Splunk integration: 1) If password contains " or ' then the query to Splunk is failing. 2) We are requesting Splunk results even when Splunk executed query is not returning any record.   MT-2671 - When importing a Stonesoft configuration that is missing the default Template Firewall referenced policy, Expedition is not loading the defined objects and instead it is creating them as implicit. 1) Need to be able to read all objects. 2) Need to report a warning on the monitor when a referenced template is missing from the original configuration.
View full article
Version 1.2.64 (Date June 21, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.64.all.deb sha1sum c990fc90eedf3377592e03a9c59c9e14dd73b088 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.64.all.deb; sudo dpkg -i expedition_1.2.64.all.deb; CHANGELOG Fixing below Bugs: MT-2666 - CISCO - The CISCO mapping file now includes the service 'vxlan/udp/4789' as a default service, which ensures that it is recognized as a known service and not marked as unknown. MT-2669 - CISCO - The default global access-group does not come with a pre-defined tag. MT-2668 - When working on a project that involves multiple sources containing objects with the same name, the process of calculating the used objects takes into account all the objects in the project, rather than only those from the selected source. As a result, this can lead to more objects being identified as used for the selected source. MT-2605: The user interface (UI) feature for making bulk changes to interfaces has been improved to allow for the proper assignment of a template virtual system (vsys) on firewalls. MT-2665: When making bulk changes to interfaces and assigning a new zone, the zone is not updated correctly. This issue has been identified and it is addressed. MT-2667: The machine learning (ML) component is creating new objects (address and services) with a flag of 'used = 0' (unused), when it should be 'used = 1' (used). This issue has been identified and it is fixed.
View full article
Version 1.2.63 (Date June 18, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.63.all.deb sha1sum 4ef9338ca7ca45d440997215dac87e059ab03ade apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.63.all.deb; sudo dpkg -i expedition_1.2.63.all.deb; CHANGELOG Fixing below Bugs: MT-2661 - The expedition Cisco parser does not make "Inherit from application" the default value for service port objects BUT Expedition is creating them with the override flag as yes. MT-2663 - When doing bulk changes on interfaces and assigning a new VR the VR is not updated correctly with the assigned interfaces
View full article
Version 1.2.62 (Date June 8, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.62.all.deb sha1sum e305d8d7ecc598b3bd428f3b2d00e34d571c37e7 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.62.all.deb; sudo dpkg -i expedition_1.2.62.all.deb; CHANGELOG Fixing below Bugs: MT-2660 - Add proper encoding when creating group-tag security rules attribute on the xml and api-calls
View full article
Version 1.2.61 (Date June 6, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.61.all.deb sha1sum 8b4c8d7eef29fc2d008b31cd02ece94c2e916ee3 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.61.all.deb; sudo dpkg -i expedition_1.2.61.all.deb; CHANGELOG Fixing below Bugs: [MT-2658] - Support for ML log format. Read the third line of the logs to identify the Serial number. Currently Expedition is reading the second line. [MT-2659] - CISCO - Adding support to read access-list included in the defined access-group in the filter-vpn value section.
View full article
Version 1.2.60 (Date May 16, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.60.all.deb sha1sum 5833323869e08f06f8012b3c24bdc26be8ee5370 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.60.all.deb; sudo dpkg -i expedition_1.2.60.all.deb; CHANGELOG Fixing below Bugs: [MT-2586] - Fixed a couple of typos in the description showed to the user when merging rules. Only typos not affecting the feature. [MT-2605] - UI - Added new feature to do bulk changes over interfaces to be able to assign a proper template vsys.  [MT-2637] - UI - ML - Log Connector issues. While defining the LogConnector for a Panorama make sure at least 1 FW is checked for selected DG. [MT-2638] - Stonesoft: 1) Changed the logic to be able to read FW information from a Stonesoft export file even if not all referenced templates are exported in the file. 2) Applied normalisation on FW names when searching a FW by name to read all its data. [MT-2646] - CISCO. "disabled" ACL rules are considered "inactive" so they are migrated as disabled rules. [MT-2648] - CISCO - Bug fixing when reading NAT without services (nat (Zone1,Zone2) static IP no-proxy-arp) and cryptos
View full article
Version 1.2.58 (Date Apr 24, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.58.all.deb sha1sum 01ce1d4ef7026f898bfe3aae0262a258cd903684 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.58.all.deb; sudo dpkg -i expedition_1.2.58.all.deb; CHANGELOG Fixing below Bugs: [MT-2625] - Issue while merging groups (address and services) by name having child DG selected. Expedition was taking as common parent the selected DG. Improvements on Juniper SRX parser: [MT-2624] - Juniper SRX support for multi-vsys configurations, supporting tag <logical-systems>.
View full article
Version 1.2.57 (Date Apr 14, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.57.all.deb sha1sum 651a1e8f09d8d1cf84950c30a96a0ecb6ad7de0f apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.57.all.deb; sudo dpkg -i expedition_1.2.57.all.deb; CHANGELOG Fixing below Bugs: CISCO: [MT-2597] - CISCO - NAT - Fixing issue when the ACL is something like this: nat (any,any) source static X X' destination static Y Y' unidirectional. Taking care of the "unidirectional" so we are not creating the inbound rule. [MT-2622] - CISCO - Fixing error introduced with MT-2493. nat (zone1,zone2) source static X X' should be translated as a bidirectional NAT. CHECKPOINT R80+: [MT-2618] - Exclusion address groups are not calculating the proper included addresses. CHECKPOINT R77: [MT-2612] - Given a checkpoint hidden-NAT create a NO-NAT rule when the address is not a host (/32).
View full article
Version 1.2.56 (Date Apr 3, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb sha1sum 4e684985e887d87fa3bbcc570004c9ef9f835aa6 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb; sudo dpkg -i expedition_1.2.56.all.deb; CHANGELOG Fixing below Bugs: GENERAL: [MT-2598] - Autozone feature was creating duplicate NAT rules in case resulting destination to zone contains more than 1 member. Expedition was not checking if the required clone NAT rules was already created on the project. [MT-2602] - Installer - Remove warnings when unpacking the installer file. FORTINET:  [MT-2588] - Fortinet - NAT and VIP rules conversion issues: 1) NAT with multi services. Expedition is now creating (not repeated) service_groups with all services defined and adding a log warning message. 2) Converting VIP to: U-Turn and bidirectional static NAT. Note: SNAT and DNAT rules will be created disabled, so user can delete them after checking it. 3) NAT getting and reading more than 1 TP Source. 4) Removing PHP warnings found during execution on /tmp/error file (not defined variables, casting issues, ...). CISCO: [MT-2595] - CISCO - Avoid creating a zone without a name due to the cisco interface is not declaring any name (command no nameif) [MT-2597] - CISCO - NAT policy. Missing to create an inbound nat rule when ACL is " nat (any,any) source static X X' destination static Y Y' " CHECKPOINT R80+: [MT-2599] - Checkpoint - Below interfaces issues when a policy contains lots of firewalls/gateways: 1) There was no option to tell Expedition which FW interfaces it should use, instead Expedition is getting all defined FW on the policy: Workaround: Created a script that given the export config and a list of Firewalls, it generates a new export config maintaining only the required firewalls (OS/scripts/checkpoint_r80_util_remove_gateways.php). 2) When reading duplicated interfaces by name but in different FW/gateway Expedition was only getting the last address. Currently we are getting all them. [MT-2600] - Checkpoint - Sec rules defined on sub-policies with users were not exported properly.
View full article
Version 1.2.55 (Date Mar 8, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.55.all.deb sha1sum 93c4d51b02a19584a28b234cb051313dc8869c0b apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.55.all.deb; sudo dpkg -i expedition_1.2.55.all.deb; CHANGELOG Bugs MT-2460 - Disabled call to Telemetry to avoid issues due to DNS timeout MT-2549 - Improvements and bug fixing when merging address_group and service_group by value, name and name&value, see below details: 1) On FW config: Creating shared vsys, if it does not exist, when resulting merged group object needs to be placed into shared. 2) On Panorama config: Calculating the proper DG based on Panorama DG hierarchy. 3) Avoid creating a group with duplicated members inside (only considering simple objects not groups). 4) When merging by value make sure the resulting group object contains the description from all merged objects.
View full article
Version 1.2.54 (Date Mar 7, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.54.all.deb sha1sum 3d2dacccc20bd16a04415a51d0ccd0ca014ce102 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.54.all.deb; sudo dpkg -i expedition_1.2.54.all.deb; CHANGELOG Bugs MT-2460 - Fixing Auth issue disabling Telemetry
View full article
Version 1.2.53 (Date Mar 2, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.53.all.deb sha1sum 0e55b7af6901c67e33f9ea98e5cbac60b538d1cd apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.53.all.deb; sudo dpkg -i expedition_1.2.53.all.deb; CHANGELOG Bugs [MT-2580] - ML/RE - Override M.Learning settings on devices managed by Panorama is not transferring all ML options to its connected devices [MT-2485] - ML/RE - Crate a TAG (M.Learning) to identify new addresses, services and rules created by ML/RE [MT-2583] - ML/RE - Added samples for syslog server configuration to split logs per FW/Serial number [MT-2579] - UI - Sec Rule editing window is not loading all data [MT-2584] - CHECKPOINT R81 - Address objects created from a checkpoint dns-domain object have a name with more than 63 characters Improvement   [MT-2562, MT-2576] - CHECKPOINT R81 - Added feature to read sec rule users and AWS tags as dynamic address groups
View full article
Version 1.2.52 (Date Feb 20, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.52.all.deb sha1sum 323d78790dd69cac76a00da999befb56a79e49d7 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.52.all.deb; sudo dpkg -i expedition_1.2.52.all.deb; CHANGELOG Bugs [MT-2573] - UI - ML view is not displaying all FW assigned to the LogConnector [MT-2575] - UI - Service Groups Actions > Replace by Group is only showing the first 50 service groups
View full article
Version 1.2.51 (Date Feb 10, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.51.all.deb sha1sum ebbd84bbf31893e7df549f6560c55f4d0e99510b apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.51.all.deb; sudo dpkg -i expedition_1.2.51.all.deb; CHANGELOG Improvement [MT-2563] - Added support for CISCO ASA migrating group21. NOTE: RECOMMENDED_PANOS_VERSION setting or imported PAN-OS base config should be 10.0 or above. Bugs [MT-2560] - Fixed PAN-OS 11.x syslog support for ML. [MT-2561] - Fixed filter on service object by "name and value" not showing all duplicated records. [MT-2566] - Fixed ScreenOS being stucked due to not found address object when creating address group objects.
View full article
Version 1.2.50 (Date Feb 1, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.50.all.deb sha1sum 7688b750fcfd55b29706d9e76b99840065fb08db apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.50.all.deb; sudo dpkg -i expedition_1.2.50.all.deb; CHANGELOG Bugs MT-2491 - Interfaces not properly gathered when editing a static route. Fixed the limit showing filtered first 50 interfaces. MT-2557 - Address Groups Actions > Replace by Group Fixed the limit showing the first 50 address groups. MT-2475 - Panoramas devices added as Panoramas to the list of panoramas.
View full article
Version 1.2.49 (Date Jan 23, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.49.all.deb sha1sum cd194a8b8bfabf9730153040d08fe3cb64cb3f88 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.49.all.deb; sudo dpkg -i expedition_1.2.49.all.deb; CHANGELOG Bugs [MT-2524] - 1.2.49 - Installer - CVE-2022-37026 - Making sure new Installations get the latest version of Erlang and RabbitMQ. More information here: https://live.paloaltonetworks.com/t5/expedition-articles/how-to-address-cve-2022-37026-vulnerability-in-expedition/ta-p/524133 [MT-2542] - 1.2.49 - AutoZone is not working properly for addresses typed as ip-ranges. [MT-2516] - 1.2.49 - CISCO - DNAT - New cloned Security rules need to contain the nat_services instead of translated ones. [MT-2533] - 1.2.49 - Checkpoint R80+ - Unsupported interfaces defined on Checkpoint "host" type objects. [MT-2537] - 1.2.49 - Checkpoint R80+ - Supporting session-timeout override on tcp-service object. [MT-2548] - 1.2.49 - Checkpoint R80+ - Static routes are not created properly when routing file contains non-ascii characters [MT-2551] - 1.2.49 - Checkpoint R80+ - Translation of Checkpoint's 'cluster-member' object. From now on 'cluster-member' interfaces are translated into Hosts instead of Subnets to assure the intended use from Checkpoint. New feature [MT-2532] - 1.2.49 - VPN IKE and IPSEC SA support on DHGroup 21 for PANOS 10.0+.
View full article
Version 1.2.48 (Date Dec 23, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.48.all.deb sha1sum 15f02fcb168d1f58a66335b3b793696ca1806973 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.48.all.deb; sudo dpkg -i expedition_1.2.48.all.deb;   CHANGELOG New feature / Bugs [MT-2513] - APP-ID Adoptions on v10.2.x and v11.0.x stuck at generating report. Using GET API method instead of PUT. [MT-2523] - Avoid showing twice 'shared' vsys on the dropdown menu [MT-2526] - Expedition is not removing the Panorama devices once they are imported, even if they are removed from Panorama [MT-2528] - Merge by name (on address group) is not working as expected [MT-2516] - CISCO ASA - DNAT Sec Rule was not created due to service mismatch between the sec and NAT rule. [MT-2525] - Juniper SRX - Tunnel interface is not updated in the zones [MT-2527] - Juniper SRX - Cloning NAT policy when it has more than one TO destination zone [MT-2530] - CHECKPOINT R80+. Interfaces and static routes creation change. Interfaces and their addresses are created from the gateway definition (inside the .gz file). Statics routes are created from the provided route file (optional file).
View full article
Version 1.2.47 (Date Dec 12, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.47.all.deb sha1sum e5d19356caef3afc0b50fe0db3c3c575a2f53545 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.47.all.deb; sudo dpkg -i expedition_1.2.47.all.deb;   CHANGELOG New feature [MT-2520] - (recompiled) Updated LogCoCo component to be able to read files from PAN-OS 11
View full article
Version 1.2.46 (Date Dec 11, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.46.all.deb sha1sum bde852471c279e4eee6ff3b315f18c494dcde8a5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.46.all.deb; sudo dpkg -i expedition_1.2.46.all.deb;   CHANGELOG Bug [MT-2517] - JuniperSRX tunnel interface on the static route did not update with the proper remapped interface name when doing the conversion. [MT-2519] - JuniperSRX - Updated XML tag to read NAT source [MT-2522] - Performance issue on big configuration when looking for duplicates (name, value and name and value) New feature [MT-2520] - Updated LogCoCo component to be able to read files from PAN-OS 11.
View full article
Version 1.2.45 (Date Nov 28, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.45.all.deb sha1sum a09d784f9e5075ed49b25a3e8fbf649bc8ac9352 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.45.all.deb; sudo dpkg -i expedition_1.2.45.all.deb;   CHANGELOG Bug MT-2512 - AutoZone feature - Security rule zones not properly calculated based on NAT when address object (src/dst) is an IP range
View full article
Version 1.2.44 (Date Nov 21, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.44.all.deb sha1sum 11ed9b7622e2940aa371e59a0d2bffb700b7d953 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.44.all.deb; sudo dpkg -i expedition_1.2.44.all.deb;   CHANGELOG Bug MT-2510 Update default applications and applications container to 2022/16/11 content used when creating a new Expedition project without a defined device.
View full article
Version 1.2.43 (Date Nov 14, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.43.all.deb sha1sum acfdcbe8bd3fe05eb2343c1a03d0bfea4a30f950 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.43.all.deb; sudo dpkg -i expedition_1.2.43.all.deb;   CHANGELOG Bug MT-2506 - Clone service object with custom value. When cloning a Service Expedition was not considering all Service attributes for the cloned service.
View full article
Version 1.2.42 (Date Nov 8, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.42.all.deb sha1sum a2a74efc375a0533378c2aef995a2d1ab0d45173 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.42.all.deb; sudo dpkg -i expedition_1.2.42.all.deb;   CHANGELOG Improvements MT-2504 - FORTINET - Expedition was expecting policies to be defined on the section "config firewall policy" but new Fortinet version contains policies ALSO in the section "config firewall security-policy". Added support to read both "sections" as Fortinet could have policies defined on both of them. Bug MT-2501 - STONESOFT - Reading address objects domain_name twice. Expedition is creating duplicated entries for address object typed as domain_name. Resulting on having duplicated address objects by name. MT-2500/MT-2493/MT-2502: CISCO NAT issues: A NAT rule with an address group as original source and a single address as translated source could not be defined as static-ip, instead the NAT rule is defined as dynamic-ip-and-port. Example: nat (in, out) source static Network-Group Network-address destination static Network-Destination Network-Destination A NAT rule containing address groups as source, destination, translated source or translated destination named DM_INLINE* are replaced by its address members. A NAT rule with an address group as original source and an address group as translated source having different names BUT with the same members is considered a no source NAT. Example: object-group network DM_INLINE_NETWORK_1 network-object object 1.2.2.2 network-object object 1.1.1.1 object-group network DM_INLINE_NETWORK_2 network-object object 1.2.2.2 network-object object 1.1.1.1 nat (in, out) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_2 destination static Network-Destination Network-Destination A NAT rule with the same original and translated destination (without port translation) is not considered as DNAT rule, also translated destination is set to none. Example: nat (in, out) source static Original-Source TP-Source destination static Network-Destination Network-Destination A NAT rule with a bidirectional source translation and a destination translation (original and translated destination are NOT the same) is created as a NAT rule in Expedition with a Monitor log and the bidirectional flag disabled.
View full article
Version 1.2.41 (Date Oct 17, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.41.all.deb sha1sum 70fb47e16915afb0192d62d75204beef8fa40980 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.41.all.deb; sudo dpkg -i expedition_1.2.41.all.deb;   CHANGELOG Bug [MT-2481] - Can't retrieve latest content or connected devices from Panorama device - PAN-OS 10.2.2. Changed device API call to use GET instead of POST method.
View full article
Version 1.2.40 (Date Oct 11, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.40.all.deb sha1sum 3e1aa689b9f3de65759675fd91983c04725049da apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.40.all.deb; sudo dpkg -i expedition_1.2.40.all.deb;   CHANGELOG Bug [MT-2487] - 1.2.40 - STONESOFT - Error while skipping " ' " on NAT comments that results in missing NAT rules during the migration. [MT-2459] - [MT-2477] - 1.2.40 - Checkpoint - Exclusion address groups are missing members. [MT-2473] - 1.2.40 - CiscoASA - Skipping "_" when object's name are starting with that character. [MT-2480] - 1.2.40 - CiscoASA - IPsec crypto profiles missing encryption and authentication. [MT-2469] - 1.2.40 - Zones not properly calculated when doing the ZoneCalculation. [MT-2475] - 1.2.40 - Devices configuration - Panorama tab is disabled for M200 device. [MT-2478] - 1.2.40 - Network objects management: Interfaces, virtual routers and static routes get unlinked for multi-vsys configurations. Added filters and validations while creating and updating interfaces, virtual routers and static routes. [MT-2484] - 1.2.40 - Address merge is stuck while cleaning duplicated used address on address_groups. [MT-2488] - 1.2.40 - Avoid proposing for merge rules that belongs to different DG (unless "all" is selected as DG).
View full article
Version 1.2.39 (Date Sep 26, 2022) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.39.all.deb sha1sum d6cb728dd4c0abe70854f1bca68ddc1cac308a7e apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.39.all.deb; sudo dpkg -i expedition_1.2.39.all.deb;   CHANGELOG Bug [MT-2462] - Flag Used and Unused objects feature. When an object is used we are also flagging its duplicated by name objects. [MT-2465] - Ipsec crypto profiles created on Expedition not merged in the output xml file. [MT-2467] - GetConnectedDevices feature is not always working when device is flagged as connected to Panorama. [MT-2476] - CHECKPOINT - Avoiding PHP warning when reading NAT rule with equal translate and original src.
View full article
  • 123 Posts
  • 276 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors