Solved: Re: How to add applications with whitespace to an ...

sdellsperger · ‎2019-02-25

Hi together,

I'd like to add a application, which includes a whitespace in the name to an application group via clish.

Something like that:

add application-group name "testApplication"
set application-group name "testApplication" add application-name "FTP Protocol"

I already tried to escape the whitespace:

add application-group name "testApplication"

set application-group name "testApplication" add application-name "FTP\ Protocol"

Unfortunately there is alway the same error:

Illegal characters in application-group name

Has someone a solution for this problem?

Thanks.

Best Regards

Severin Dellsperger

G_W_Albrecht · ‎2019-02-26

My SQLiteDatabaseBrowserPortable has an export option:

tags	description	name	appId	udpServices	tcpServices
Tunnels,Encrypts communications,Critical Risk,Anonymizer	Proprietary Tunneling Tools is used to detect various tools who employ a communications protocol owned by a single organization or individual where usually one controls both client and server software. Supported from: R75.40.	Proprietary Tunneling Tools	60518762		80
Autostarts/Stays Resident,Stealth Tactics,Web Advertisements,Bundles Software,Medium Risk	7FaSSt provides you an IE toolbar with a search field which queries the engine 7search.com. The addresses of all Explorer windows are passed to the server fstrack.7search.com. This includes the URLs of all web pages visited, pseudo-URLs like 'about:', and the names of folders, images and other objects in local file system. A unique user ID is used to track you across addresses visited. Cookies are also issued if you use the search toolbar. Supported from: R75.	7FaSSt	10000419		80,443
Autostarts/Stays Resident,Low Risk,Browser Plugin	An Internet Explorer toolbar that provides search features. Supported from: R75.	My Search Bar	10000490		80
Autostarts/Stays Resident,Opens ports,Allows remote control,High Bandwidth,Supports File Transfer,High Risk,Remote Administration	Radmin is a remote control software for Microsoft Windows which uses the Mirror Driver to remotely control another computer. Supported from: R75.	Radmin	10000578		4899
Autostarts/Stays Resident,Low Risk,Browser Plugin	This is a search browser plugin. Supported from: R75.	My Quick Search Bar	10000992		80
Adds other software,High Bandwidth,Supports File Transfer,BitTorrent protocol,eDonkey,High Risk,P2P File Sharing	FlashGet is a download manager that splits downloaded files into sections for an increase in download speed. Supported from: R75.	FlashGet	10001176		80
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	From XoloX EULA: XoloX is partially supported by advertising revenues, however we are making every attempt to limit the amount of advertising delivered to you and to make that advertising as non-intrusive as possible. Supported from: R75.	Xolox	10001346		80
Adds other software,High Bandwidth,Supports File Transfer,Bundles Software,eDonkey,High Risk,P2P File Sharing	Jubster is a Windows-based peer-to-peer client that is used for finding MP3 files. Supported from: R75.	Jubster	10001348		80
Opens ports,High Bandwidth,Supports File Transfer,Encrypts communications,BitTorrent protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	Warez.com allows users to search and download torrent files from other torrent websites. Supported from: R75.	Warez	10001351		80,32285,6000,6346-6351
Opens ports,High Bandwidth,Supports File Transfer,Bundles Software,Encrypts communications,BitTorrent protocol,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	Trustyfiles allows users to search and download files using the Gnutella and Bittorrent networks. Supported from: R75.	TrustyFiles	10001352		80
Opens ports,Bundles Software,Encrypts communications,Share Files,UDP Protocol,High Risk,P2P File Sharing	Twister allows the user to search through different search engines in order to download mp3 files. Supported from: R75.	Twister	10001353		80
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	Bearshare is a peer-to-peer file sharing application. It uses IM2Net P2P network Protocol. Supported from: R75.	BearShare	10001357		80-80,443-443

I have added the appCategory DB now to the xlsx.

View solution in original post

HristoGrigorov · ‎2019-02-25

99.9999% sure that only these are allowed for object names: 0-9A-Za-z-_

Whitespaces are not supported in R77.

sdellsperger · ‎2019-02-25

I agree, anyway Checkpoint is using whitespace in their default applications. My goal is to automatically add this system applications via script.

G_W_Albrecht · ‎2019-02-25

You find that in sk40179: What are the characters and reserved words forbidden for use in Check Point Security Gatewa...

Illegal characters

(space)
+ (plus sign)
* (asterisk)
( (left parenthesis)
) (right parenthesis)
{ (left curly brace)
} (right curly brace)
[ (left square bracket)
] (right square bracket)
? (question mark)

! (exclamation mark)
# (number/pound sign)
< (less-than sign)
> (greater-than sign)
= (equals sign)
, (comma)
: (colon)
; (semi-colon)
' (single quote)
" (double quote)

` (back quote)
/ (slash)
\ (backslash)
\t (horizontal tabulation)
@ (at sign)
$ (dollar sign)
% (percent sign)
^ (caret)
| (vertical bar, pipeline)
& (ampersand)
~ (tilde)

That should be true for all CP versions and platforms.

HristoGrigorov · ‎2019-02-25

Btw, these restrictions apply to the gateway. Starting from R80.10 in Smart Console it is possible to use just any characters. The management server will internally convert it to a format acceptable by the gateway.

sdellsperger · ‎2019-02-25

Yes i know the limitations, but I try to add checkpoint (default) system applications, which include whitespace in their name. What can I do when checkpoint don't follow their own rules...

Is there maybe another solution?

Tom_Hinoue · ‎2019-02-25

I believe currently we can only add applications with space in clish by specifying the application-id, and not the application name because of this limitation... this workaround is also cited in SK109272.

sdellsperger · ‎2019-02-25

OK, thanks for the information.

Do you know if the application ID remains the same on all firewalls?

Tom_Hinoue · ‎2019-02-25

Yes, the application database should share the same application ID regarding predefined Check Point application and application categories on maintrain and SMB appliances.

sdellsperger · ‎2019-02-25

OK, thank you for your help!

sdellsperger · ‎2019-02-25

So I tried to script my application-groups with the corresponding IDs.

Than the next problem occurs:

- Categories/Tags like "High Risk", "Critical Risk", "Hate / Racism", etc. don't get a application ID.

Has someone an idea how to add this tags to an application group?

Thanks.

Tom_Hinoue · ‎2019-02-25

FYI, here are some application IDs for some categories you mentioned in this thread.

High Risk - 51000004

Critical Risk - 51000005

Hate / Racism - 14
FTP Protocol - 50000190

To check this, what I do often is to copy the "appi.db" application database file from [/storage/appi/update/] directory via SCP to my desktop, and then open the "appi.db" file with database browsers like "DB browser for SQLite" to see the ID's of an specific application or category. Very handy in my opinion

sdellsperger · ‎2019-02-25

Made my day! Thanks a lot, I will try it asap

G_W_Albrecht · ‎2019-02-26

I did suspect strongly that these IDs are in a database - in fact, i have studied ips.db already using SQLiteDatabaseBrowserPortable.exe and it is very, very interesting...

Tom_Hinoue · ‎2019-02-26

Interesting indeed

It works the same for other db files, like [system.db] where we find it in the appliance or archived backups.

I wonder if we can use the sqlite3 syntax for searching these ID's in expert mode like sk112338 - How to export application database to csv

G_W_Albrecht · ‎2019-02-26

My SQLiteDatabaseBrowserPortable has an export option:

tags	description	name	appId	udpServices	tcpServices
Tunnels,Encrypts communications,Critical Risk,Anonymizer	Proprietary Tunneling Tools is used to detect various tools who employ a communications protocol owned by a single organization or individual where usually one controls both client and server software. Supported from: R75.40.	Proprietary Tunneling Tools	60518762		80
Autostarts/Stays Resident,Stealth Tactics,Web Advertisements,Bundles Software,Medium Risk	7FaSSt provides you an IE toolbar with a search field which queries the engine 7search.com. The addresses of all Explorer windows are passed to the server fstrack.7search.com. This includes the URLs of all web pages visited, pseudo-URLs like 'about:', and the names of folders, images and other objects in local file system. A unique user ID is used to track you across addresses visited. Cookies are also issued if you use the search toolbar. Supported from: R75.	7FaSSt	10000419		80,443
Autostarts/Stays Resident,Low Risk,Browser Plugin	An Internet Explorer toolbar that provides search features. Supported from: R75.	My Search Bar	10000490		80
Autostarts/Stays Resident,Opens ports,Allows remote control,High Bandwidth,Supports File Transfer,High Risk,Remote Administration	Radmin is a remote control software for Microsoft Windows which uses the Mirror Driver to remotely control another computer. Supported from: R75.	Radmin	10000578		4899
Autostarts/Stays Resident,Low Risk,Browser Plugin	This is a search browser plugin. Supported from: R75.	My Quick Search Bar	10000992		80
Adds other software,High Bandwidth,Supports File Transfer,BitTorrent protocol,eDonkey,High Risk,P2P File Sharing	FlashGet is a download manager that splits downloaded files into sections for an increase in download speed. Supported from: R75.	FlashGet	10001176		80
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	From XoloX EULA: XoloX is partially supported by advertising revenues, however we are making every attempt to limit the amount of advertising delivered to you and to make that advertising as non-intrusive as possible. Supported from: R75.	Xolox	10001346		80
Adds other software,High Bandwidth,Supports File Transfer,Bundles Software,eDonkey,High Risk,P2P File Sharing	Jubster is a Windows-based peer-to-peer client that is used for finding MP3 files. Supported from: R75.	Jubster	10001348		80
Opens ports,High Bandwidth,Supports File Transfer,Encrypts communications,BitTorrent protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	Warez.com allows users to search and download torrent files from other torrent websites. Supported from: R75.	Warez	10001351		80,32285,6000,6346-6351
Opens ports,High Bandwidth,Supports File Transfer,Bundles Software,Encrypts communications,BitTorrent protocol,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	Trustyfiles allows users to search and download files using the Gnutella and Bittorrent networks. Supported from: R75.	TrustyFiles	10001352		80
Opens ports,Bundles Software,Encrypts communications,Share Files,UDP Protocol,High Risk,P2P File Sharing	Twister allows the user to search through different search engines in order to download mp3 files. Supported from: R75.	Twister	10001353		80
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing	Bearshare is a peer-to-peer file sharing application. It uses IM2Net P2P network Protocol. Supported from: R75.	BearShare	10001357		80-80,443-443

I have added the appCategory DB now to the xlsx.

View solution in original post

Tom_Hinoue · ‎2019-02-26

Oh, great! thanks for sharing the list (even with IPS)
You're right, maybe its faster to export from the db browser than doing tricks with the sqlite on the appliance, pushed myself the hardway.

G_W_Albrecht · ‎2019-02-26

If you are fluent with SQL, CLI might be easier, but the browser does a good job after you have found out how / with which options to export...

How to add applications with whitespace to an application group?

Illegal characters