About Tony_Kiser

Tony_Kiser · ‎11-07-2019

New with creating custom miners/prototypes/etc for pulling addresses. I'm trying to get an EDL consumable list from the below page for lookback.io. I assume the main part I'm missing is which prototype, processor, and output to choose, as well as the necessary regex to format it correctly. ANY help would be GREATLY appreciated. https://dormammu.lookback.io/registry/hosts

Tony_Kiser · ‎11-06-2019

Updated to the latest version and still the same problem! any help would be great!

Tony_Kiser · ‎10-16-2019

I just updated, but was at 1.1.35. is that e-mail fwmigrate@paloaltonetworks dot com?

Tony_Kiser · ‎10-15-2019

I have been doing similar work by doing a partial config import of the x-path you want to pull in. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbLCAS You can find the x-path in Expedition. After you remove unused objects, for example, and go to 'export' and api output manager tab. generate an atomic API request then you'll see the x-paths.

Tony_Kiser · ‎10-14-2019

I am using Expedition to remove unused objects from firewalls via a partial config import. What I ran into is the tool removed an unknown number of objects that, while not used by a security policy, they are in fact used by a NAT policy! Because of this I was only able to import services, service groups, and address groups. Importing the new, "smaller" address list won't allow a commit because of the NAT policies that are pointing to objects that Expedition removed. Has anyone else seen this, or have any info on why this is happening?

Tony_Kiser · ‎02-15-2019

feeling a little stupid... but maybe just cause it's Friday... 🙂 isn't the expedition tool supposed to pop up a box when I log in telling me what IP address to use to access it via a browser? I'm not seeing that.

Tony_Kiser · ‎02-15-2019

OK, actually figured that part out (just upgraded OS X and Fusion 8.5 too old . 🙂 now, do you have, off the top of your head, the CLI syntax to upgrade the image from the CLI?

Tony_Kiser · ‎02-15-2019

Ya, that's the problem. I can't even log into the CLI to get it upgraded. I key the credentials, but nothing happens. it's odd.

Tony_Kiser · ‎02-15-2019

I'm coming back around to doing some serious testing so we can start really using Expedition. Now, I downloaded the latest version, opened it in VMWare Fusion 8.5 and when I launch it, i get to this and can't even log into the CLI.... The cursor is actually blinking over the 'E'. Thought's on why I can't even log into the CLI right away?

Tony_Kiser · ‎01-18-2019

DUDE!! That's gold! Thanks.

Tony_Kiser · ‎01-18-2019

That's actually part of the issue @LukeBullimore; our xml is so big, Expedition can't digest it. 🙂

Tony_Kiser · ‎01-16-2019

Ya, the performance impact we see is things like changing context from one FW to another within Panorama, commits, etc. Not processing performance. The other "indirect" impact is that we currenlty can't pull the config into Expedition because of the size limite of the XML that Expedition can process. And yup, i've been at this company for about 2.5 years, and they are, overall, a shop converted from ASA side of the world 🙂

Tony_Kiser · ‎01-15-2019

Historically, for a LONG time, we have created an object for every IP address and every port (for port based rules). Over the years, this has lead to our config being HUGE. Last tech support file from Panorama is 85MB. With thousands and thousands of objects, my opinion is that's contributing to the performance issues we see; the fact that all these objects get sent to the firewalls, and has to be updated everytime we do a push. So question is this; do others agee with this? Has anyone actually backed down the object list (like removing unused, and removing objects for single IP policies, and just put the IP in the rule itself only) and then seen a performance gain? It would be a substantial task, but possibly a useful one. Thoughts?

Tony_Kiser · ‎11-06-2018

Hi Greg, how did you upgrade to 0.9.50 inside of Autofocus??

Tony_Kiser · ‎08-16-2018

I'm simply trying to import an xml into a project that my account created and as soon as the % import basically finishes, I get a message that says "you do not have rights in the project" ?? Any assistance would be great!

Member Since	‎07-21-2016 12:19 PM
Date Last Visited	‎04-15-2022 01:39 PM
Posts	21
Total Likes Received	2

Online Status	Offline
Date Last Visited	‎04-15-2022 01:39 PM

About Tony_Kiser

Miner for ipv4 and v6 lists

Re: Unused objects actually used by NAT

Re: Unused objects actually used by NAT

Re: deleting disabled policies from expedition

Unused objects actually used by NAT

Re: Panorama/Firewall performance

Re: Importing rules into Expedition from a Firewall managed by Panorama

Re: How are unused objects calculated

Re: Panorama/Firewall performance

Re: Panorama/Firewall performance

Re: Importing rules into Expedition from a Firewall managed by Panorama

Miner for ipv4 and v6 lists

Re: Unused objects actually used by NAT

Re: Unused objects actually used by NAT

Re: deleting disabled policies from expedition

Unused objects actually used by NAT

Re: Odd issue just starting Expedition in new setup

Re: Odd issue just starting Expedition in new setup

Re: Odd issue just starting Expedition in new setup

Odd issue just starting Expedition in new setup

Re: Panorama/Firewall performance

Re: Panorama/Firewall performance

Re: Panorama/Firewall performance

Panorama/Firewall performance

Re: All O365 Miners have 0 indicators as of a few hours ago

Re: Expedition Documentation

Network Security

Cloud Security

Security Operations

About Tony_Kiser