Palo Alto Expedition

What is Expedition?

The latest evolution of the Palo Alto Networks Migration Tool is Expedition, now in its fifth iteration. Originally designed to streamline the process of migrating configurations from various supported vendors to Palo Alto Networks, Expedition has come a long way.

The tool simplifies the conversion of configurations from vendors like Checkpoint or Cisco to PAN-OS, allowing you to focus on enhancing the outcomes. With the introduction of Migration Tool 3, users could enforce security policies based on App-ID and User-ID, adding another layer of customization.

Expedition 1.X took things a step further. Our aim was not only to ease the transition of security policies from other vendors to PAN-OS but also to ensure that the end result leverages the most advanced features of our platform. We introduced a Machine Learning module to generate new security policies based on actual log traffic to achieve this. Additionally, the Best Practices Assessment Tool was added to ensure configurations align with the recommendations of our security experts.

Release of Expedition 2.0, It focused on two primary objectives:

• Enhancing the tool’s performance and reliability.
• Introducing automation features for a more streamlined experience.

Installing Palo Alto Networks Expedition

To install Palo Alto Networks Expedition, follow these general steps. Please note that these steps might vary slightly depending on the version of Expedition and the underlying operating system.

Prerequisites

• A server or virtual machine with Ubuntu 20.04 LTS.
• Sudo or root privileges on the server.
• Internet access for downloading packages and updates.

Installation Steps

1. Update System Packages

sudo apt-get update
sudo apt-get upgrade -y 

2. Install Required Dependencies:

sudo apt-get install -y wget git

3. Download the Expedition Installer Script:

wget https://conversionupdates.paloaltonetworks.com/expeditionInstaller.tgz

4. Extract the Installer:

tar -xvf expeditionInstaller.tgz

5. Run the Expedition Installer:

sudo bash ./expeditionInstaller.sh

6. Follow the On-Screen Instructions: The installer will guide you through installation. You may be prompted to confirm the installation of various components and to set up a database password.
7. Access Expedition: Once the installation is complete, you can access Expedition by navigating to http://<your-server-ip> in your web browser. The default username and password are usually admin and palo alto, respectively.

Post-Installation Steps

1. Change Default Credentials: Changing the default username and password is recommended for security reasons.
2. Configure Firewall Rules: Ensure your firewall allows traffic on the required ports for Expedition to operate correctly.
3. Update Expedition: Regularly check for updates to Expedition and apply them to keep the tool secure and functional.

1. Access Expedition Web Interface

• Open a web browser and navigate to http://<your-server-ip>.
• Log in with the default credentials (usually admin for both username and password) or the credentials you set during installation.

2. Change Default Password

• For security reasons, changing the default password is highly recommended.
• Navigate to the user profile settings and update the password.

3. Configure Network Settings

• Configure the network settings to ensure Expedition can communicate with your firewalls, log collectors, and other network components if necessary.
• This might involve setting up IP addresses, DNS, NTP, and other network-related configurations.

4. Set Up Device Groups and Templates (Optional)

• If you’re using Panorama or managing multiple firewalls, consider setting up device groups and templates for easier management.

5. Import Firewall Configuration

• To start working with your firewall configurations, you’ll need to import them into Expedition.
• Navigate to the appropriate section in Expedition (e.g., “Import”) and follow the prompts to upload your configuration files.

6. Analyze and Optimize Configurations

• Once your configurations are imported, you can use Expedition’s tools to analyze, optimize, and clean up your firewall rules, objects, and policies.
• Look for redundant rules, unused objects, and other areas for improvement.

7. Export and Deploy Configurations

• After making changes and optimizations, you can export the updated configurations.
• Deploy the exported configurations to your firewalls or Panorama, following the appropriate procedures for your devices.

8. Regular Maintenance

• Regularly check for updates to Expedition and apply them to keep the tool secure and up to date.

• Periodically review and optimize your firewall configurations to maintain optimal performance and security.