👍 Shows reserved words in hostnames quickly > sk169892.
ℹ️ Can be easily changed to also check these in management databases.
One-liner (Bash) to assist identifying unsupported reserved words (sk40179) in hostnames.
In expert mode run:
echo; if [[ -n `hostname|tr '-' '\n'|grep -E '^accept$|^all$|^All$|^and$|^any$|^Any$|^apr$|^Apr$|^april$|^April$|^aug$|^Aug$|^august$|^August$|^black$|^blackboxs$|^blue$|^broadcasts$|^call$|^comment$|^conn$|^date$|^day$|^debug$|^dec$|^Dec$|^december$|^December$|^deffunc$|^define$|^delete$|^delstate$|^direction$|^do$|^domains$|^drop$|^dst$|^dynamic$|^edge$|^else$|^expcall$|^expires$|^export$|^fcall$|^feb$|^Feb$|^february$|^February$|^firebrick$|^foreground$|^forest$|^format$|^fri$|^Fri$|^friday$|^Friday$|^from$|^fw1$|^FW1$|^fwline$|^fwrule$|^gateways$|^get$|^getstate$|^gold$|^gray$|^green$|^hashsize$|^hold$|^host$|^hosts$|^if$|^ifaddr$|^ifid$|^implies$|^in$|^inbound$|^instate$|^interface$|^interfaces$|^ipsecdata$|^ipsecmethods$|^is$|^jan$|^Jan$|^january$|^January$|^jul$|^Jul$|^july$|^July$|^jun$|^Jun$|^june$|^June$|^kbuf$|^keep$|^limit$|^local$|^localhost$|^log$|^LOG$|^logics$|^magenta$|^mar$|^Mar$|^march$|^March$|^may$|^May$|^mday$|^medium$|^modify$|^mon$|^Mon$|^monday$|^Monday$|^month$|^mortrap$|^navy$|^netof$|^nets$|^nexpires$|^not$|^nov$|^Nov$|^november$|^November$|^oct$|^Oct$|^october$|^October$|^or$|^orange$|^origdport$|^origdst$|^origsport$|^origsrc$|^other$|^outbound$|^packet$|^packetid$|^packetlen$|^pass$|^r_arg$|^r_call_counter$|^r_cdir$|^r_cflags$|^r_chandler$|^r_client_community$|^r_client_ifs_grp$|^r_community_left$|^r_connarg$|^r_spii_uuid4$|^r_str_dport$|^r_str_dst$|^r_str_ipp$|^r_str_sport$|^r_str_src$|^r_user$|^record$|^red$|^refresh$|^reject$|^routers$|^r_crule$|^r_ctimeout$|^r_ctype$|^r_curr_feature_id$|^r_data_offset$|^r_dtmatch$|^r_dtmflags$|^r_entry$|^r_g_offset$|^r_ipv6$|^r_mapped_ip$|^r_mflags$|^r_mhandler$|^r_mtimeout$|^r_oldcdir$|^r_pflags$|^r_profile_id$|^r_ro_client_community$|^r_ro_dst_sr$|^r_ro_server_community$|^r_ro_src_sr$|^r_scvres$|^r_server_community$|^r_server_ifs_grp$|^r_service_id$|^r_simple_hdrlen$|^r_spii_ret$|^r_spii_tcpseq$|^r_spii_uuid1$|^r_spii_uuid2$|^r_spii_uuid3$|^sat$|^Sat$|^saturday$|^Saturday$|^second$|^sep$|^Sep$|^september$|^September$|^set$|^setstate$|^skipme$|^skippeer$|^sr$|^src$|^static$|^sun$|^Sun$|^sunday$|^Sunday$|^switchs$|^sync$|^targets$|^thu$|^Thu$|^thursday$|^Thursday$|^to$|^tod$|^tue$|^Tue$|^tuesday$|^Tuesday$|^ufp$|^vanish$|^vars$|^wasskipped$|^wed$|^Wed$|^wednesday$|^Wednesday$|^while$|^xlatedport$|^xlatedst$|^xlatemethod$|^xlatesport$|^xlatesrc$|^xor$|^year$|^zero$|^zero_ip$|^CPM$|^Global$|^Web$|^mon$|^Mon$|^monday$|^Monday$|^tue$|^Tue$|^tuesday$|^Tuesday$|^wed$|^Wed$|^wednesday$|^Wednesday$|^thu$|^Thu$|^thursday$|^Thursday$|^fri$|^Fri$|^friday$|^Friday$|^sat$|^Sat$|^saturday$|^Saturday$|^sun$|^Sun$|^sunday$|^Sunday$|^jan$|^Jan$|^january$|^January$|^feb$|^Feb$|^february$|^February$|^mar$|^Mar$|^march$|^March$|^apr$|^Apr$|^april$|^April$|^may$|^May$|^jun$|^Jun$|^june$|^June$|^jul$|^Jul$|^july$|^July$|^aug$|^Aug$|^august$|^August$|^sep$|^Sep$|^september$|^September$|^oct$|^Oct$|^october$|^October$|^nov$|^Nov$|^november$|^November$|^dec$|^Dec$|^december$|^December$|^date$|^day$|^month$|^year$|^black$|^blue$|^cyan$|^dark$|^firebrick$|^foreground$|^forest$|^gold$|^gray$|^green$|^magenta$|^medium$|^navy$|^orange$|^red$|^sienna$|^yellow$|^Account$|^Alert$|^Auth$|^AuthAlert$|^Duplicate$|^gateways$|^host$|^Long$|^Mail$|^netobj$|^resourceobj$|^routers$|^servers$|^servobj$|^Short$|^SnmpTrap$|^spoof$|^spoofalert$|^targets$|^tracks$|^ufp$|^UserDefined$|^dynobj_list$|^full_service_list$|^ip_list$|^rulenum_list$|^service_list$|^target_list$|^tcpt_list$|^valid_addrs_list$|^ipv6$|^block$|^cp_mgmt$|^art$|^dns_atma$|^wmp_sami$|^rtf$|^sctp$|^rpc$|^diameter$'` ]]; then echo 'Reserved word found!'; else echo 'No reserved words found!'; fi; if [[ -n `hostname|grep -E '^firewall-1$|^fw1$|^FW1$|^fw-1$|^mail$|^smtp$'` ]]; then echo 'Unsecure hostname!'; else echo 'Secure hostname!'; fi; echo
This one-liner quickly identifies all reserved words within the hostname of a system. These should never be used anywhere within a Check Point configuration and cause an error message even when used in hostnames starting from R80.40 (sk169892). Also keep in mind that using "-" (dash) signs in the Check Point world is bad practice as Check Point's INSPECT code will interprete this as a word separator. I've also experienced issues with dash signs in relation to sk42952. Check Point uses underscores in their solution whenever required (example). But keep in mind that 1400/1500 appliances don't support underscores. Also CIFS/NetBIOS is known to have issues with underscore chracters. Therefore I recommend to use alphabetical characters only within Check Point.
Integrated with our ccc script.
-- More one-liners --
One-liner for Address Spoofing Troubleshooting
One-liner for Remote Address VPN Statistics
One-liner to show VPN topology on gateways
One-liner to show Geo Policy on gateways