Expedition Release Notes
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Version 1.2.85 (Date February 21, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.85.all.deb sha1sum bec556485dc2d1815654e16130247526de2e81aa apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.85.all.deb; sudo dpkg -i expedition_1.2.85.all.deb; CHANGELOG Fixing below Bugs: Merge Sec rules feature: We have added logic to consider the attributes "schedules" and "security profiles" when merging security rules. ML/RE feature: Resolved a bug that was causing the duplication of the "M.Learning" tag for imported objects (security rules, addresses, services, etc.) during the ML/RE process. This issue has been fixed. CHECKPOINT R80+: Fixed a bug that was not properly taking into account the negate source or destination on sub-policies (inline). Now, when reading a child rule, if it has "any" as the source or destination, it will correctly consider the defined parent source or destination, including any negations. However, if the child rule specifies a specific source or destination, Expedition will keep them unchanged. Additionally, we have added a note to indicate that the parent rule had a "negate" source or destination. STONESOFT: Addressed issues related to uploading a zip file containing non-XML files. Previously, the validation of XML files was storing errors for all files, not just the one being processed. We have now implemented a clean-up mechanism to ensure that only errors relevant to the processed file are stored. SRX: Fixed a bug in reading SRX NAT rules, ensuring the proper migration of destination addresses. BPA not working: Fixed the installer and script to install the necessary dependencies for BPA (Best Practice Assessment). To resolve this issue, please execute the script located at /var/www/html/OS/BPA/updateBPA306.sh.
View full article
Version 1.2.84 (Date January 29, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.84.all.deb sha1sum 2cfd97e7c06ce6bd1a0b4623695a4f8d0d0c7ab5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.84.all.deb; sudo dpkg -i expedition_1.2.84.all.deb; CHANGELOG Fixing below Bugs: Checkpoint R77 Fixing conversion for address groups migrated as 1.1.1.1 Fortinet. Added support for below ipv6 Fortinet tags: vip6: address object vipgrp6: address group object addrgrp6: address group object static6: static route Checkpoint R81.  Adding more information into the monitor tab when migrating Checkpoint security rules using application-site objects.  Currently the original application-site name is included in the warning so it can be easily replaced by an url-category or AppId. Reverted from last version that all checkpoint host are created with cidr 32.
View full article
Version 1.2.83 (Date January 09, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.83.all.deb sha1sum 26fd5f16a1acd5fc863a49b45d10cbc43b5d05ee apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.83.all.deb; sudo dpkg -i expedition_1.2.83.all.deb; CHANGELOG Fixing below Bugs: MT-2739 - Checkpoint R80+. Fixed below bugs: 1) Avoid creating duplicated members on exclusion group addresses. 2) Checked the length for the address group name created when reading fqdn/dns-domain objects. 3) Checked the method isAinB. 4) Checked the DNAT logic to avoid creating shadowed rules.
View full article
Version 1.2.82 (Date January 05, 2024) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.82.all.deb sha1sum c1ae806e4376616f4b9fabade7097c7bfc256606 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.82.all.deb; sudo dpkg -i expedition_1.2.82.all.deb; CHANGELOG Fixing below Bugs: MT-2741 - CISCO. Fixed below bugs: 1) Adding support for alias being used as subnets in address-group definition. i.e: names name 10.1.1.0 SC_BCN object-group network SITE_BCN network-object SC_BCN 255.255.255.128   MT-2739 - Checkpoint R80+. Fixed below bugs: 1) Address group defined as exclusion group but without exception members. Added a fix so the group is now managed as any other exclusion group, getting as result members typed as range IP. 2) Added a log/monitor for NAT rules with DAT type static but using as DAT address an address-group. 3) When applying DNAT logic avoid creating shadow rules. Instead applying below logic: Check if current Security Rules matches the NAT rule, if so add a warning to trace it to the specific NAT rule and the DNAT tag as well. Check if cloned security rules from an specific security rule can be merged by destination and service. Check and make sure the cloned security rules contain the required "to" zones based on destinations. 4) Refactor on internal functions to compare if a list of objects is included in another list of objects (isAinB and isAinBservice).   MT-2728 - Checkpoint R77 - Fixed below bugs: 1) Fixing bug when reading ipv6 addresses.   MT-2742 - Screenos - Fixed below bugs: 1) Fixing bug for Screenos to manage Global zone as any 2) Fixing bug for Screenos managing static routes in ipv6 syntax
View full article
Version 1.2.81 (Date November 29, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.81.all.deb sha1sum 34c17d2a70d8b8b765f9266dd41a1a5dbbd58538 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.81.all.deb; sudo dpkg -i expedition_1.2.81.all.deb; CHANGELOG Fixing below Bugs: MT-2705 - Fixing on API Manager to show all API calls status (issue identified quick calls).
View full article
Version 1.2.80 (Date November 28, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.80.all.deb sha1sum b94d4f1808cd33983b8dc1bb8be0c0ea3d65a416 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.80.all.deb; sudo dpkg -i expedition_1.2.80.all.deb; CHANGELOG Fixing below Bugs: MT-2705 - Making sure the API Calls work with all current PANOS versions. MT-2736 - ML-RE - Log Analyser bug fixing - reading files with spaces on the name. Adding proper error message   Checkpoint R80+ bug fixing:   MT-2715 - Domain objects to FQDN objects migration bug fixing: 1. Avoid creating duplicated FQDN. 2. Support for .*. Domain objects. 3. Avoid creating FQDN address and address group with same names.   MT-2734 - When migrating Checkpoint Global Domain Access Layer, Expedition is creating a dedicated vsys for the access layer with policies and network objects. Instead policies should be created at the shared vsys and network objects on the main vsys. Also added logic so policies on shared are available on the Export drag and drop tree.   SCREENOS bug fixing: MT-2735 - VR was not containing all assigned interfaces.
View full article
Version 1.2.79 (Date November 05, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.79.all.deb sha1sum 5129ad210ce5f0ffe28337ddb51b2c8faec8f4b5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.79.all.deb; sudo dpkg -i expedition_1.2.79.all.deb; CHANGELOG Fixing below Bugs: MT-2733 - Checkpoint issues: 1) FQDN are created twice. With correct URL and with 1.1.1.1 value. Also some FDQN are created invalid starting with ".." or www.www. 2) Security rules created after fixing the destination based on matching NAT rule contains the from zone coming from the NAT rule instead of the original security rule.
View full article
Version 1.2.78 (Date October 26, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.78.all.deb sha1sum 612841019586bc13d4fcf4edbd369538bed82c87 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.78.all.deb; sudo dpkg -i expedition_1.2.78.all.deb; CHANGELOG Fixing below Bugs: MT-2727 - Capability to export Source and Destination regions while getting the proposed rules after executing ML analysis. MT-2726 - Fortinet issues fixed/improving: UDP services not taking properly the portrange Support for ipv6 address as src or dst in security rules
View full article
Version 1.2.77 (Date October 19, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.77.all.deb sha1sum 8cb97dcb3aea9f65547c01205e50e09e2d4cbf31 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.77.all.deb; sudo dpkg -i expedition_1.2.77.all.deb; CHANGELOG Fixing below Bugs: MT-2719 - Revert tuning on the query to set as used objects with the same name to make it compatible with all Mysql versions. MT-2725 - Fortinet - When reading static routes on a Fortinet configuration the static route is not created with the proper value of ip version. That cause that the static route is not added into the PANOS XML / neither the API calls.
View full article
Version 1.2.76 (Date October 17, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.76.all.deb sha1sum 36ff8cfa861f4c5a83b414dd7f82363fdd0b0dce apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.76.all.deb; sudo dpkg -i expedition_1.2.76.all.deb; CHANGELOG Fixing below Bugs: MT-2724 - Checkpoint R80+ issues: 1) When checkpoint is including more than one policy, network information is not properly generated to the main vsys 2) Application policy is not created disabled (global disable) 3) Nested address_groups defined as checkpoint type "checkpoint-host" are not properly created.
View full article
Version 1.2.75 (Date October 12, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.75.all.deb sha1sum 22614db56cb39826647142b88a6e8fd0c37dcd65 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.75.all.deb; sudo dpkg -i expedition_1.2.75.all.deb; CHANGELOG Fixing below Bugs: MT-2720 - CISCO issues: Fixed an issue where Expedition was disabling rules that should not be disabled. Specifically, when reading a rule that had log disabled, Expedition was disabling the rule when the disable was applying to the log feature but not to the rule itself.   MT-2719 - MT-2723 - Fortinet issues:   Fixed an issue where Expedition was adding itself as a member when creating default service groups. Fixed an issue where the default services IKE and MS-SQL did not have a proper predefined protocol. Tuned the query to calculate used objects with the same name. Refactored to get the service ports separated by spaces, e.g. set tcp-portrange 88 464. Extended the parser dictionary when reading interfaces. On named VDOM configuration, created the virtual system with the named VDOM (line: vd_name=VdomName).   MT-2721 - SRX issues:   Added support for IPv6 when migrating interface addresses. On multivsys configurations, loaded default Junos applications into the shared VSYS and ensured they were used while reading the application field in the security rules.   MT-2722 - Stonesoft issues:   Fixed an issue where interfaces defined on a cluster were not properly read. Enlarged the exclusion field on the address_group_id table to 8000 bytes. Note that creating a new project is required in order to apply this patch.
View full article
Version 1.2.74 (Date September 29, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.74.all.deb sha1sum 907eee1152e56d53412247e3e6a8fc0629120d24 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.74.all.deb; sudo dpkg -i expedition_1.2.74.all.deb; CHANGELOG Fixing below Bugs: MT-2704: FW/Panorama API. Submit bulk creation in one API call  This particular version includes support for making bulk changes to objects and rules, including security and NAT rules. Please note, when you’re sending rules using the bulk change, all rules will be added to the bottom of the defined vsys/DG. Afterward, you will need to rearrange them either on FW/Panorama or by selecting the correct “order” calls in Expedition. Unfortunately, move operations cannot be included in the bulk change. MT-2712: Support up to ethernet1/44 interfaces for PA 5400 and PA 7000
View full article
Version 1.2.73 (Date September 25, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.73.all.deb sha1sum 6103b49d360a26d24f440362fac440b43f904815 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.73.all.deb; sudo dpkg -i expedition_1.2.73.all.deb; CHANGELOG Fixing below Bugs: MT-2700: STONESOFT parser fixes/improvements: Fixing issue with security rules defining address_match objects as source or destination. Fixing issue to make sure the defined (override) zone on a security rule is used after the translation. MT-2628 | MT-2702 | MT-2709 | MT-2707 - Fortinet parser fixes/improvements: On multi vdoms - making sure the translated security rules are assigned to each defined vdom. On multi vdoms - making sure the objects are created properly and assigned to each defined vdom, avoiding creating invalid duplicated objects. Adding support to read "srcaddr4" and "dstaddr4" as valid commands while translating a security rule. For command "config firewall service custom": set tcp-portrange 8080-8090:0-65535 - make sure the src and dst ports are properly translated. create service group and include TCP and UDP ports from below example: edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 Create UDP service with defined port from below example edit "service.udp.111" set udp-portrange 111 Create TCP service with defined port from below example edit "service.tcp.112" set tcp-portrange 112
View full article
Version 1.2.72 (Date September 9, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.72.all.deb sha1sum bb598b2f93e0651b2f948cde69dce48ea168e40d apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.72.all.deb; sudo dpkg -i expedition_1.2.72.all.deb; CHANGELOG Fixing below Bugs: MT-2692 | MT-2699 - CISCO parser fixes: Being sure we are not including the description of another access-list when after a remark from an access-group does not contain an extended rule. NAT fixing for migrated twice nat. Currently Expedition is creating them as static-ip and with the interface address, instead with the fix the NAT rules are created as dynamic-ip-and-port assigned to the interface. Refactor on internal method to compare address objects. Fixing creating bidirectional NAT rules when they need to be unidirectional. Fixing method to correct security rule service when they are matched with a NAT rule containing any translated service. Comments now allow more special characters.
View full article
Version 1.2.71 (Date August 11, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.71.all.deb sha1sum 2e66a2ca6b3cb5030dfe41af22d50624d1d853d5 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.71.all.deb; sudo dpkg -i expedition_1.2.71.all.deb; CHANGELOG Fixing below Bugs: MT-2691 - Checkpoint R80+. Avoid creating a dedicated vsys to store the objects MT-2694 - Checkpoint R80+. Static routes not assigned properly to bond/ae interfaces
View full article
Version 1.2.70 (Date August 4, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.70.all.deb sha1sum df87d6ef9565ad3a13363fdb50beaba93652a950 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.70.all.deb; sudo dpkg -i expedition_1.2.70.all.deb; CHANGELOG Fixing below Bugs: (Refinement) MT-2683 - CISCO - When reading remark section on an access-list Expedition is removing characters: < and >. (Refinement) MT-2684 - CISCO - Source NAT migrated as "dynamic ip" when it should be "dynamic ip and port".
View full article
Version 1.2.69 (Date July 28, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.69.all.deb sha1sum 7dcfdb7a29fad125406cbe1bd80f640d96a36580 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.69.all.deb; sudo dpkg -i expedition_1.2.69.all.deb; CHANGELOG Fixing below Bugs: MT-2678 - CISCO - DNAT Security rule destination port issue fixed. MT-2683 - CISCO - When reading remark section on an access-list Expedition is removing characters: # and '. MT-2684 - CISCO - Source NAT migrated as "dynamic ip" when it should be "dynamic ip and port". MT-2680 - Checkpoint R77 support for users on Security Rules defined in checkpoint inside the source section as "identity_roles" field. MT-2685 - UI - Support for multiline in Security Rules description.
View full article
Version 1.2.68 (Date July 21, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.68.all.deb sha1sum 816f9c589fdae642737a8a627f0c468433a7f2f4 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.68.all.deb; sudo dpkg -i expedition_1.2.68.all.deb; CHANGELOG Fixing below Bugs: MT-2681 CISCO - When reading remark section on an access-list Expedition is removing characters: '@' and '|'. MT-2679 PANOS parser is not reading source-hip if it is not previously declared in the config. MT-2677 Fixing errors while generating sub-atomic API calls.
View full article
Version 1.2.67 (Date July 18, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.67.all.deb sha1sum b3e98be950a269754834b747da100909fb4f9a41 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.67.all.deb; sudo dpkg -i expedition_1.2.67.all.deb; CHANGELOG Fixing below Bugs: MT-2673 - Issues with Splunk: 1) Fixing issue introduced on version 1.2.65. 2) Improving print results while downloading Splunk files.
View full article
Version 1.2.66 (Date July 18, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.66.all.deb sha1sum fa6c79d610fc392b199dd14755a0aaad7af19edb apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.66.all.deb; sudo dpkg -i expedition_1.2.66.all.deb; CHANGELOG Fixing below Bugs: MT-2676: UI issue - Security Rule target is not showing the FW and vsys properly: 1) When target FW is negated it is not shown strikethrough. 2) Target FW only shows one vsys, not all vsys assigned to the target FW.   3) Cloning a Security rule is not cloning the target FW
View full article
Version 1.2.65 (Date July 17, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.65.all.deb sha1sum 454ff2df33ae41fb6929d53648e9d5e733b01b4d apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.65.all.deb; sudo dpkg -i expedition_1.2.65.all.deb; CHANGELOG Fixing below Bugs: MT-2676: UI issue - Security Rule target is not showing the FW and vsys properly: 1) When target FW is negated it is not shown strikethrough. 2) Target FW only shows one vsys, not all vsys assigned to the target FW.   MT-2673 - Issues with Splunk integration: 1) If password contains " or ' then the query to Splunk is failing. 2) We are requesting Splunk results even when Splunk executed query is not returning any record.   MT-2671 - When importing a Stonesoft configuration that is missing the default Template Firewall referenced policy, Expedition is not loading the defined objects and instead it is creating them as implicit. 1) Need to be able to read all objects. 2) Need to report a warning on the monitor when a referenced template is missing from the original configuration.
View full article
Version 1.2.64 (Date June 21, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.64.all.deb sha1sum c990fc90eedf3377592e03a9c59c9e14dd73b088 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.64.all.deb; sudo dpkg -i expedition_1.2.64.all.deb; CHANGELOG Fixing below Bugs: MT-2666 - CISCO - The CISCO mapping file now includes the service 'vxlan/udp/4789' as a default service, which ensures that it is recognized as a known service and not marked as unknown. MT-2669 - CISCO - The default global access-group does not come with a pre-defined tag. MT-2668 - When working on a project that involves multiple sources containing objects with the same name, the process of calculating the used objects takes into account all the objects in the project, rather than only those from the selected source. As a result, this can lead to more objects being identified as used for the selected source. MT-2605: The user interface (UI) feature for making bulk changes to interfaces has been improved to allow for the proper assignment of a template virtual system (vsys) on firewalls. MT-2665: When making bulk changes to interfaces and assigning a new zone, the zone is not updated correctly. This issue has been identified and it is addressed. MT-2667: The machine learning (ML) component is creating new objects (address and services) with a flag of 'used = 0' (unused), when it should be 'used = 1' (used). This issue has been identified and it is fixed.
View full article
Version 1.2.63 (Date June 18, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.63.all.deb sha1sum 4ef9338ca7ca45d440997215dac87e059ab03ade apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.63.all.deb; sudo dpkg -i expedition_1.2.63.all.deb; CHANGELOG Fixing below Bugs: MT-2661 - The expedition Cisco parser does not make "Inherit from application" the default value for service port objects BUT Expedition is creating them with the override flag as yes. MT-2663 - When doing bulk changes on interfaces and assigning a new VR the VR is not updated correctly with the assigned interfaces
View full article
Version 1.2.62 (Date June 8, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.62.all.deb sha1sum e305d8d7ecc598b3bd428f3b2d00e34d571c37e7 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.62.all.deb; sudo dpkg -i expedition_1.2.62.all.deb; CHANGELOG Fixing below Bugs: MT-2660 - Add proper encoding when creating group-tag security rules attribute on the xml and api-calls
View full article
Version 1.2.61 (Date June 6, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.61.all.deb sha1sum 8b4c8d7eef29fc2d008b31cd02ece94c2e916ee3 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.61.all.deb; sudo dpkg -i expedition_1.2.61.all.deb; CHANGELOG Fixing below Bugs: [MT-2658] - Support for ML log format. Read the third line of the logs to identify the Serial number. Currently Expedition is reading the second line. [MT-2659] - CISCO - Adding support to read access-list included in the defined access-group in the filter-vpn value section.
View full article
Version 1.2.60 (Date May 16, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.60.all.deb sha1sum 5833323869e08f06f8012b3c24bdc26be8ee5370 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.60.all.deb; sudo dpkg -i expedition_1.2.60.all.deb; CHANGELOG Fixing below Bugs: [MT-2586] - Fixed a couple of typos in the description showed to the user when merging rules. Only typos not affecting the feature. [MT-2605] - UI - Added new feature to do bulk changes over interfaces to be able to assign a proper template vsys.  [MT-2637] - UI - ML - Log Connector issues. While defining the LogConnector for a Panorama make sure at least 1 FW is checked for selected DG. [MT-2638] - Stonesoft: 1) Changed the logic to be able to read FW information from a Stonesoft export file even if not all referenced templates are exported in the file. 2) Applied normalisation on FW names when searching a FW by name to read all its data. [MT-2646] - CISCO. "disabled" ACL rules are considered "inactive" so they are migrated as disabled rules. [MT-2648] - CISCO - Bug fixing when reading NAT without services (nat (Zone1,Zone2) static IP no-proxy-arp) and cryptos
View full article
Version 1.2.58 (Date Apr 24, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.58.all.deb sha1sum 01ce1d4ef7026f898bfe3aae0262a258cd903684 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.58.all.deb; sudo dpkg -i expedition_1.2.58.all.deb; CHANGELOG Fixing below Bugs: [MT-2625] - Issue while merging groups (address and services) by name having child DG selected. Expedition was taking as common parent the selected DG. Improvements on Juniper SRX parser: [MT-2624] - Juniper SRX support for multi-vsys configurations, supporting tag <logical-systems>.
View full article
Version 1.2.57 (Date Apr 14, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.57.all.deb sha1sum 651a1e8f09d8d1cf84950c30a96a0ecb6ad7de0f apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.57.all.deb; sudo dpkg -i expedition_1.2.57.all.deb; CHANGELOG Fixing below Bugs: CISCO: [MT-2597] - CISCO - NAT - Fixing issue when the ACL is something like this: nat (any,any) source static X X' destination static Y Y' unidirectional. Taking care of the "unidirectional" so we are not creating the inbound rule. [MT-2622] - CISCO - Fixing error introduced with MT-2493. nat (zone1,zone2) source static X X' should be translated as a bidirectional NAT. CHECKPOINT R80+: [MT-2618] - Exclusion address groups are not calculating the proper included addresses. CHECKPOINT R77: [MT-2612] - Given a checkpoint hidden-NAT create a NO-NAT rule when the address is not a host (/32).
View full article
Version 1.2.56 (Date Apr 3, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb sha1sum 4e684985e887d87fa3bbcc570004c9ef9f835aa6 apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.56.all.deb; sudo dpkg -i expedition_1.2.56.all.deb; CHANGELOG Fixing below Bugs: GENERAL: [MT-2598] - Autozone feature was creating duplicate NAT rules in case resulting destination to zone contains more than 1 member. Expedition was not checking if the required clone NAT rules was already created on the project. [MT-2602] - Installer - Remove warnings when unpacking the installer file. FORTINET:  [MT-2588] - Fortinet - NAT and VIP rules conversion issues: 1) NAT with multi services. Expedition is now creating (not repeated) service_groups with all services defined and adding a log warning message. 2) Converting VIP to: U-Turn and bidirectional static NAT. Note: SNAT and DNAT rules will be created disabled, so user can delete them after checking it. 3) NAT getting and reading more than 1 TP Source. 4) Removing PHP warnings found during execution on /tmp/error file (not defined variables, casting issues, ...). CISCO: [MT-2595] - CISCO - Avoid creating a zone without a name due to the cisco interface is not declaring any name (command no nameif) [MT-2597] - CISCO - NAT policy. Missing to create an inbound nat rule when ACL is " nat (any,any) source static X X' destination static Y Y' " CHECKPOINT R80+: [MT-2599] - Checkpoint - Below interfaces issues when a policy contains lots of firewalls/gateways: 1) There was no option to tell Expedition which FW interfaces it should use, instead Expedition is getting all defined FW on the policy: Workaround: Created a script that given the export config and a list of Firewalls, it generates a new export config maintaining only the required firewalls (OS/scripts/checkpoint_r80_util_remove_gateways.php). 2) When reading duplicated interfaces by name but in different FW/gateway Expedition was only getting the last address. Currently we are getting all them. [MT-2600] - Checkpoint - Sec rules defined on sub-policies with users were not exported properly.
View full article
Version 1.2.55 (Date Mar 8, 2023) PACKAGE DOWNLOAD   INFORMATION Link https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.55.all.deb sha1sum 93c4d51b02a19584a28b234cb051313dc8869c0b apt update sudo apt-get update; sudo apt-get install expedition-beta manual update cd /tmp; wget  https://conversionupdates.paloaltonetworks.com/expedition-updates/expedition_1.2.55.all.deb; sudo dpkg -i expedition_1.2.55.all.deb; CHANGELOG Bugs MT-2460 - Disabled call to Telemetry to avoid issues due to DNS timeout MT-2549 - Improvements and bug fixing when merging address_group and service_group by value, name and name&value, see below details: 1) On FW config: Creating shared vsys, if it does not exist, when resulting merged group object needs to be placed into shared. 2) On Panorama config: Calculating the proper DG based on Panorama DG hierarchy. 3) Avoid creating a group with duplicated members inside (only considering simple objects not groups). 4) When merging by value make sure the resulting group object contains the description from all merged objects.
View full article
  • 109 Posts
  • 256 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors