Hi together,
I'd like to add an application, which includes a whitespace in the name, to an application group via clish.
Something like that:
add application-group name "testApplication"
set application-group name "testApplication" add application-name "FTP Protocol"
I already tried to escape the whitespace:
add application-group name "testApplication"
set application-group name "testApplication" add application-name "FTP\ Protocol"
Unfortunately, there is always the same error:
Illegal characters in application-group name
Does someone have a solution for this problem?
Thanks.
Best Regards
Severin Dellsperger
99.9999% sure that only these are allowed for object names: 0-9A-Za-z-_
Whitespaces are not supported in R77.
I agree; anyway, Check Point is using whitespace in their default applications. My goal is to automatically add these system applications via script.
You find that in sk40179: What are the characters and reserved words forbidden for use in Check Point Security Gatewa...
That should be true for all CP versions and platforms.
Btw, these restrictions apply to the gateway. Starting from R80.10 in Smart Console it is possible to use just any characters. The management server will internally convert it to a format acceptable by the gateway.
Yes, I know the limitations, but I am trying to add Check Point (default) system applications, which include whitespace in their name. What can I do when Check Point doesn't follow their own rules...
Is there maybe another solution?
I believe currently we can only add applications with space in clish by specifying the application-id, and not the application name because of this limitation... this workaround is also cited in SK109272.
OK, thanks for the information.
Do you know if the application ID remains the same on all firewalls?
Yes, the application database should share the same application ID regarding predefined Check Point application and application categories on maintrain and SMB appliances.
OK, thank you for your help!
So I tried to script my application-groups with the corresponding IDs.
Then the next problem occurs:
- Categories/Tags like "High Risk", "Critical Risk", "Hate / Racism", etc. don't get an application ID.
Does someone have an idea how to add these tags to an application group?
Thanks.
FYI, here are some application IDs for some categories you mentioned in this thread.
High Risk - 51000004
Critical Risk - 51000005
Hate / Racism - 14
FTP Protocol - 50000190
To check this, what I often do is copy the "appi.db" application database file from the [/storage/appi/update/] directory via SCP to my desktop, and then open the "appi.db" file with database browsers like "DB browser for SQLite" to see the IDs of a specific application or category. Very handy in my opinion.
Made my day! Thanks a lot, I will try it asap
I did suspect strongly that these IDs are in a database - in fact, I have studied ips.db already using SQLiteDatabaseBrowserPortable.exe and it is very, very interesting...
Interesting indeed
It works the same for other db files, like [system.db], which we find in the appliance or in archived backups.
I wonder if we can use the sqlite3 syntax for searching these IDs in expert mode, like sk112338 - How to export application database to csv
My SQLiteDatabaseBrowserPortable has an export option:
tags | description | name | appId | udpServices | tcpServices |
Tunnels,Encrypts communications,Critical Risk,Anonymizer | Proprietary Tunneling Tools is used to detect various tools who employ a communications protocol owned by a single organization or individual where usually one controls both client and server software. Supported from: R75.40. | Proprietary Tunneling Tools | 60518762 | 80 | |
Autostarts/Stays Resident,Stealth Tactics,Web Advertisements,Bundles Software,Medium Risk | 7FaSSt provides you an IE toolbar with a search field which queries the engine 7search.com. The addresses of all Explorer windows are passed to the server fstrack.7search.com. This includes the URLs of all web pages visited, pseudo-URLs like 'about:', and the names of folders, images and other objects in local file system. A unique user ID is used to track you across addresses visited. Cookies are also issued if you use the search toolbar. Supported from: R75. | 7FaSSt | 10000419 | 80,443 | |
Autostarts/Stays Resident,Low Risk,Browser Plugin | An Internet Explorer toolbar that provides search features. Supported from: R75. | My Search Bar | 10000490 | 80 | |
Autostarts/Stays Resident,Opens ports,Allows remote control,High Bandwidth,Supports File Transfer,High Risk,Remote Administration | Radmin is a remote control software for Microsoft Windows which uses the Mirror Driver to remotely control another computer. Supported from: R75. | Radmin | 10000578 | 4899 | |
Autostarts/Stays Resident,Low Risk,Browser Plugin | This is a search browser plugin. Supported from: R75. | My Quick Search Bar | 10000992 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,BitTorrent protocol,eDonkey,High Risk,P2P File Sharing | FlashGet is a download manager that splits downloaded files into sections for an increase in download speed. Supported from: R75. | FlashGet | 10001176 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | From XoloX EULA: XoloX is partially supported by advertising revenues, however we are making every attempt to limit the amount of advertising delivered to you and to make that advertising as non-intrusive as possible. Supported from: R75. | Xolox | 10001346 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Bundles Software,eDonkey,High Risk,P2P File Sharing | Jubster is a Windows-based peer-to-peer client that is used for finding MP3 files. Supported from: R75. | Jubster | 10001348 | 80 | |
Opens ports,High Bandwidth,Supports File Transfer,Encrypts communications,BitTorrent protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Warez.com allows users to search and download torrent files from other torrent websites. Supported from: R75. | Warez | 10001351 | 80,32285,6000,6346-6351 | |
Opens ports,High Bandwidth,Supports File Transfer,Bundles Software,Encrypts communications,BitTorrent protocol,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Trustyfiles allows users to search and download files using the Gnutella and Bittorrent networks. Supported from: R75. | TrustyFiles | 10001352 | 80 | |
Opens ports,Bundles Software,Encrypts communications,Share Files,UDP Protocol,High Risk,P2P File Sharing | Twister allows the user to search through different search engines in order to download mp3 files. Supported from: R75. | Twister | 10001353 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Bearshare is a peer-to-peer file sharing application. It uses IM2Net P2P network Protocol. Supported from: R75. | BearShare | 10001357 | 80-80,443-443 |
I have added the appCategory DB now to the xlsx.
Oh, great! thanks for sharing the list (even with IPS)
You're right, maybe it's faster to export from the db browser than doing tricks with sqlite on the appliance; I pushed myself the hard way.
If you are fluent with SQL, CLI might be easier, but the browser does a good job after you have found out how / with which options to export...
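Added example, not part of any post in this thread: a sketch of the scripted approach discussed above, resolving display names that contain whitespace to their IDs with a parameterized SQLite query and emitting clish lines that reference the ID instead of the name. The table name `app_export` and the `add application-id` command form are assumptions; the `name`/`appId` columns and the sample IDs are the ones quoted in the thread.

```python
import re
import sqlite3

# Character set one reply reports as allowed in object names: 0-9A-Za-z-_
GROUP_NAME_RE = re.compile(r"[0-9A-Za-z_-]+")

def build_sample_db():
    """Constructed stand-in for the database; names and IDs are those quoted in the thread."""
    db = sqlite3.connect(":memory:")
    # 'app_export' is a hypothetical table name; name/appId are the export's column headers.
    db.execute("CREATE TABLE app_export (name TEXT, appId INTEGER)")
    db.executemany("INSERT INTO app_export VALUES (?, ?)", [
        ("FTP Protocol", 50000190), ("High Risk", 51000004),
        ("Critical Risk", 51000005), ("Hate / Racism", 14),
        ("Radmin", 10000578),
    ])
    return db

def resolve_ids(db, names):
    """Map each display name to exactly one appId; collect names that cannot be resolved."""
    resolved, unresolved = {}, []
    for name in names:
        rows = db.execute(
            "SELECT appId FROM app_export WHERE name = ?", (name,)  # bound parameter
        ).fetchall()
        if len(rows) == 1:
            resolved[name] = rows[0][0]
        else:  # missing or ambiguous
            unresolved.append(name)
    return resolved, unresolved

def clish_commands(db, group, names):
    """Build the clish lines for one group, or raise without emitting a partial group."""
    if not GROUP_NAME_RE.fullmatch(group):
        raise ValueError(f"illegal characters in group name: {group!r}")
    resolved, unresolved = resolve_ids(db, names)
    if unresolved:
        raise LookupError(f"no unique appId for: {unresolved}")
    lines = [f'add application-group name "{group}"']
    # Assumed command form: 'add application-id <id>' (the thread names the workaround only).
    lines += [f'set application-group name "{group}" add application-id {resolved[n]}'
              for n in names]
    return lines

if __name__ == "__main__":
    wanted = ["FTP Protocol", "High Risk", "Hate / Racism"]
    print("\n".join(clish_commands(build_sample_db(), "testApplication", wanted)))
```

Failing on an unresolved name, rather than skipping it, keeps a scripted group from silently ending up narrower than the policy intended.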