- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: How to add applications with whitespace to an ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to add applications with whitespace to an application group?
Hi together,
I'd like to add a application, which includes a whitespace in the name to an application group via clish.
Something like that:
add application-group name "testApplication"
set application-group name "testApplication" add application-name "FTP Protocol"
I already tried to escape the whitespace:
add application-group name "testApplication"
set application-group name "testApplication" add application-name "FTP\ Protocol"
Unfortunately there is alway the same error:
Illegal characters in application-group name
Has someone a solution for this problem?
Thanks.
Best Regards
Severin Dellsperger
- Tags:
- clish
- smb and smp
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My SQLiteDatabaseBrowserPortable has an export option:
tags | description | name | appId | udpServices | tcpServices |
Tunnels,Encrypts communications,Critical Risk,Anonymizer | Proprietary Tunneling Tools is used to detect various tools who employ a communications protocol owned by a single organization or individual where usually one controls both client and server software. Supported from: R75.40. | Proprietary Tunneling Tools | 60518762 | 80 | |
Autostarts/Stays Resident,Stealth Tactics,Web Advertisements,Bundles Software,Medium Risk | 7FaSSt provides you an IE toolbar with a search field which queries the engine 7search.com. The addresses of all Explorer windows are passed to the server fstrack.7search.com. This includes the URLs of all web pages visited, pseudo-URLs like 'about:', and the names of folders, images and other objects in local file system. A unique user ID is used to track you across addresses visited. Cookies are also issued if you use the search toolbar. Supported from: R75. | 7FaSSt | 10000419 | 80,443 | |
Autostarts/Stays Resident,Low Risk,Browser Plugin | An Internet Explorer toolbar that provides search features. Supported from: R75. | My Search Bar | 10000490 | 80 | |
Autostarts/Stays Resident,Opens ports,Allows remote control,High Bandwidth,Supports File Transfer,High Risk,Remote Administration | Radmin is a remote control software for Microsoft Windows which uses the Mirror Driver to remotely control another computer. Supported from: R75. | Radmin | 10000578 | 4899 | |
Autostarts/Stays Resident,Low Risk,Browser Plugin | This is a search browser plugin. Supported from: R75. | My Quick Search Bar | 10000992 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,BitTorrent protocol,eDonkey,High Risk,P2P File Sharing | FlashGet is a download manager that splits downloaded files into sections for an increase in download speed. Supported from: R75. | FlashGet | 10001176 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | From XoloX EULA: XoloX is partially supported by advertising revenues, however we are making every attempt to limit the amount of advertising delivered to you and to make that advertising as non-intrusive as possible. Supported from: R75. | Xolox | 10001346 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Bundles Software,eDonkey,High Risk,P2P File Sharing | Jubster is a Windows-based peer-to-peer client that is used for finding MP3 files. Supported from: R75. | Jubster | 10001348 | 80 | |
Opens ports,High Bandwidth,Supports File Transfer,Encrypts communications,BitTorrent protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Warez.com allows users to search and download torrent files from other torrent websites. Supported from: R75. | Warez | 10001351 | 80,32285,6000,6346-6351 | |
Opens ports,High Bandwidth,Supports File Transfer,Bundles Software,Encrypts communications,BitTorrent protocol,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Trustyfiles allows users to search and download files using the Gnutella and Bittorrent networks. Supported from: R75. | TrustyFiles | 10001352 | 80 | |
Opens ports,Bundles Software,Encrypts communications,Share Files,UDP Protocol,High Risk,P2P File Sharing | Twister allows the user to search through different search engines in order to download mp3 files. Supported from: R75. | Twister | 10001353 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Bearshare is a peer-to-peer file sharing application. It uses IM2Net P2P network Protocol. Supported from: R75. | BearShare | 10001357 | 80-80,443-443 |
I have added the appCategory DB now to the xlsx.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
99.9999% sure that only these are allowed for object names: 0-9A-Za-z-_
Whitespaces are not supported in R77.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree, anyway Checkpoint is using whitespace in their default applications. My goal is to automatically add this system applications via script.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You find that in sk40179: What are the characters and reserved words forbidden for use in Check Point Security Gatewa...
Illegal characters
|
|
|
That should be true for all CP versions and platforms.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Btw, these restrictions apply to the gateway. Starting from R80.10 in Smart Console it is possible to use just any characters. The management server will internally convert it to a format acceptable by the gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes i know the limitations, but I try to add checkpoint (default) system applications, which include whitespace in their name. What can I do when checkpoint don't follow their own rules...
Is there maybe another solution?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe currently we can only add applications with space in clish by specifying the application-id, and not the application name because of this limitation... this workaround is also cited in SK109272.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, thanks for the information.
Do you know if the application ID remains the same on all firewalls?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, the application database should share the same application ID regarding predefined Check Point application and application categories on maintrain and SMB appliances.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, thank you for your help!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I tried to script my application-groups with the corresponding IDs.
Than the next problem occurs:
- Categories/Tags like "High Risk", "Critical Risk", "Hate / Racism", etc. don't get a application ID.
Has someone an idea how to add this tags to an application group?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FYI, here are some application IDs for some categories you mentioned in this thread.
High Risk - 51000004
Critical Risk - 51000005
Hate / Racism - 14
FTP Protocol - 50000190
To check this, what I do often is to copy the "appi.db" application database file from [/storage/appi/update/] directory via SCP to my desktop, and then open the "appi.db" file with database browsers like "DB browser for SQLite" to see the ID's of an specific application or category. Very handy in my opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Made my day! Thanks a lot, I will try it asap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did suspect strongly that these IDs are in a database - in fact, i have studied ips.db already using SQLiteDatabaseBrowserPortable.exe and it is very, very interesting...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interesting indeed
It works the same for other db files, like [system.db] where we find it in the appliance or archived backups.
I wonder if we can use the sqlite3 syntax for searching these ID's in expert mode like sk112338 - How to export application database to csv
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My SQLiteDatabaseBrowserPortable has an export option:
tags | description | name | appId | udpServices | tcpServices |
Tunnels,Encrypts communications,Critical Risk,Anonymizer | Proprietary Tunneling Tools is used to detect various tools who employ a communications protocol owned by a single organization or individual where usually one controls both client and server software. Supported from: R75.40. | Proprietary Tunneling Tools | 60518762 | 80 | |
Autostarts/Stays Resident,Stealth Tactics,Web Advertisements,Bundles Software,Medium Risk | 7FaSSt provides you an IE toolbar with a search field which queries the engine 7search.com. The addresses of all Explorer windows are passed to the server fstrack.7search.com. This includes the URLs of all web pages visited, pseudo-URLs like 'about:', and the names of folders, images and other objects in local file system. A unique user ID is used to track you across addresses visited. Cookies are also issued if you use the search toolbar. Supported from: R75. | 7FaSSt | 10000419 | 80,443 | |
Autostarts/Stays Resident,Low Risk,Browser Plugin | An Internet Explorer toolbar that provides search features. Supported from: R75. | My Search Bar | 10000490 | 80 | |
Autostarts/Stays Resident,Opens ports,Allows remote control,High Bandwidth,Supports File Transfer,High Risk,Remote Administration | Radmin is a remote control software for Microsoft Windows which uses the Mirror Driver to remotely control another computer. Supported from: R75. | Radmin | 10000578 | 4899 | |
Autostarts/Stays Resident,Low Risk,Browser Plugin | This is a search browser plugin. Supported from: R75. | My Quick Search Bar | 10000992 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,BitTorrent protocol,eDonkey,High Risk,P2P File Sharing | FlashGet is a download manager that splits downloaded files into sections for an increase in download speed. Supported from: R75. | FlashGet | 10001176 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | From XoloX EULA: XoloX is partially supported by advertising revenues, however we are making every attempt to limit the amount of advertising delivered to you and to make that advertising as non-intrusive as possible. Supported from: R75. | Xolox | 10001346 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Bundles Software,eDonkey,High Risk,P2P File Sharing | Jubster is a Windows-based peer-to-peer client that is used for finding MP3 files. Supported from: R75. | Jubster | 10001348 | 80 | |
Opens ports,High Bandwidth,Supports File Transfer,Encrypts communications,BitTorrent protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Warez.com allows users to search and download torrent files from other torrent websites. Supported from: R75. | Warez | 10001351 | 80,32285,6000,6346-6351 | |
Opens ports,High Bandwidth,Supports File Transfer,Bundles Software,Encrypts communications,BitTorrent protocol,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Trustyfiles allows users to search and download files using the Gnutella and Bittorrent networks. Supported from: R75. | TrustyFiles | 10001352 | 80 | |
Opens ports,Bundles Software,Encrypts communications,Share Files,UDP Protocol,High Risk,P2P File Sharing | Twister allows the user to search through different search engines in order to download mp3 files. Supported from: R75. | Twister | 10001353 | 80 | |
Adds other software,High Bandwidth,Supports File Transfer,Encrypts communications,Gnutella protocol,Share Files,UDP Protocol,High Risk,P2P File Sharing | Bearshare is a peer-to-peer file sharing application. It uses IM2Net P2P network Protocol. Supported from: R75. | BearShare | 10001357 | 80-80,443-443 |
I have added the appCategory DB now to the xlsx.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh, great! thanks for sharing the list (even with IPS)
You're right, maybe its faster to export from the db browser than doing tricks with the sqlite on the appliance, pushed myself the hardway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are fluent with SQL, CLI might be easier, but the browser does a good job after you have found out how / with which options to export...
