This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Benjiman
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Benjiman
03-17-2021
4Posts
1Like
1Solution
Mar 17, 2021Last Visited
User
Activity
User
Profile
Latest posts by Benjiman
| Subject | Views | Posted |
|---|---|---|
| 3983 | 03-04-2020 02:45 PM | |
| 3935 | 03-04-2020 02:36 PM | |
| 3942 | 03-04-2020 02:32 PM | |
| 4034 | 03-04-2020 02:07 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-04-2020 02:45 PM |
User Badges
Community Statistics
| Member Since | 11-26-2019 08:31 PM |
| Date Last Visited | 03-17-2021 06:02 PM |
| Posts | 4 |
| Total Likes Received | 1 |
03-04-2020
02:45 PM
1 Kudo
Hi Lynn,
It appears that the line " access-list FROM-Zone extended permit icmp object-group Subnets any unreachable" created a NEW application that was a duplicate of the inbuilt icmp_unreach
Thanks for your help 🙂
... View more
03-04-2020
02:36 PM
I already tried an update yesterday, this new version must have come out within the last 18 hours.
Is there a link between Expedition versions and Panorama versions?
... View more
03-04-2020
02:32 PM
Hi Lynn
Thank you for your quick response.
Panorama is running at 9.0.4
Expedition is 1.1.58.1 (fresh install yesterday to attempt to rectify the issue)
I'm also experiencing a lot of issues when merging, like it will change interface names to Ethernet2, rather than ethernet1/1... and remove associations from Zones etc...
... View more
03-04-2020
02:07 PM
Hi Expedition Forum,
When migrating from a Cisco PIX I am receiving the following error when I attempt API call to push to Panorama.
This is the PIX line.
access-list FROM-Zone extended permit icmp object-group Subnets any unreachable
/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='DG-Host-device']/application
<application><entry name="icmp_destination_unreachable"><category>networking</category><subcategory>ip-protocol</subcategory><risk>1</risk><technology>network-protocol</technology><evasive-behavior>no</evasive-behavior><consume-big-bandwidth>no</consume-big-bandwidth><used-by-malware>no</used-by-malware><able-to-transfer-file>no</able-to-transfer-file><has-known-vulnerability>no</has-known-vulnerability><tunnel-other-application>no</tunnel-other-application><tunnel-applications>no</tunnel-applications><prone-to-misuse>no</prone-to-misuse><pervasive-use>no</pervasive-use><file-type-ident>no</file-type-ident><virus-ident>no</virus-ident><data-ident>no</data-ident><default><ident-by-icmp-type><type>3</type><code>0</code></ident-by-icmp-type></default></entry></application>
Answer from device: {"1":{"device":"Panorama","status":"fail","text":"<msg><line><![CDATA[ application -> icmp_destination_unreachable \\'icmp_destination_unreachable\\' is already in use]]><\/line><\/msg>","date":"2020-03-04 16:54:58"}}
Any help is greatly appreciated.
Regards,
Ben
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks