Support Center > Search Results > SecureKnowledge Details
What are the characters and reserved words forbidden for use in Check Point Security Gateway and Security Management?
Solution

Security Gateway and Security Management have some reserved words and characters, which cannot be used in SmartDashboard.

Important: The list of words is partial. It is dynamic and no one ever presumed to populate it so it will include all cases.

The characters and reserved words listed below should not be used within objects definition (i.e., Network Objects, Users, Groups, etc.).

Table of Contents:

  • Illegal characters
  • INSPECT reserved words
  • Reserved words in the new CPM server added in R80
  • Days of weeks
  • Months
  • Time reference
  • Colors
  • Special characters
  • Scoped reserved words
  • List Prefixes
  • Object Names
  • Object Names that can potentially cause a security risk
  • Names of IPS protections
  • LTE reserved words

 

Illegal characters

  •   (space)
  • + (plus sign)
  • * (asterisk)
  • ( (left parenthesis)
  • ) (right parenthesis)
  • { (left curly brace)
  • } (right curly brace)
  • [ (left square bracket)
  • ] (right square bracket)   
  • ? (question mark)
  • ! (exclamation mark)
  • # (number/pound sign)   
  • < (less-than sign)
  • > (greater-than sign)
  • = (equals sign)
  • , (comma)
  • : (colon)
  • ; (semi-colon)
  • ' (single quote)
  • " (double quote)
  • ` (back quote)
  • / (slash)
  • \ (backslash)
  • \t (horizontal tabulation)
  • @ (at sign)
  • $ (dollar sign)
  • % (percent sign)
  • ^ (caret)
  • | (vertical bar, pipeline)
  • & (ampersand)
  • ~ (tilde)

Object definition can not start with "[S|s][R|r]n", where "n" is a decimal number between 0 and 15 (e.g., can not start with SR1, Sr4, sR9, etc.).

Note: The "-" (dash) sign is used in INSPECT code as a word separator, and any string that is in the form of: "<characters>-<reserved word>" cannot be used (e.g., the name "something-inbound").

 

INSPECT reserved words  

Note: This section is relevant only for R7X versions. In R80.x, we do not have the rulebase in the INSPECT code (.pf)

  • accept
  • all
  • All
  • and
  • any
  • Any
  • apr
  • Apr
  • april
  • April
  • aug
  • Aug
  • august
  • August
  • black
  • blackboxs
  • blue
  • broadcasts
  • call
  • comment
  • conn
  • date
  • day
  • debug
  • dec
  • Dec
  • december
  • December
  • deffunc
  • define
  • delete
  • delstate
  • direction
  • do
  • domains
  • drop
  • dst
  • dynamic
  • edge
  • else
  • expcall
  • expires
  • export
  • fcall
  • feb
  • Feb
  • february
  • February
  • firebrick
  • foreground
  • forest
  • format
  • fri
  • Fri
  • friday
  • Friday
  • from
  • fw1
  • FW1
  • fwline
  • fwrule
  • gateways
  • get
  • getstate
  • gold
  • gray
  • green
  • hashsize
  • hold
  • host
  • hosts
  • if
  • ifaddr
  • ifid
  • implies
  • in
  • inbound
  • instate
  • interface
  • interfaces
  • ipsecdata
  • ipsecmethods
  • is 
  • jan
  • Jan
  • january
  • January
  • jul
  • Jul
  • july
  • July
  • jun
  • Jun
  • june
  • June
  • kbuf
  • keep
  • limit
  • local
  • localhost
  • log
  • LOG
  • logics
  • magenta
  • mar
  • Mar
  • march
  • March
  • may
  • May
  • mday
  • medium
  • modify
  • mon
  • Mon
  • monday
  • Monday
  • month
  • mortrap
  • navy
  • netof
  • nets
  • nexpires
  • not
  • nov
  • Nov
  • november
  • November
  • oct
  • Oct
  • october
  • October
  • or
  • orange
  • origdport
  • origdst
  • origsport
  • origsrc
  • other
  • outbound
  • packet
  • packetid
  • packetlen
  • pass
  • r_arg
  • r_call_counter
  • r_cdir
  • r_cflags
  • r_chandler
  • r_client_community
  • r_client_ifs_grp
  • r_community_left
  • r_connarg
  • r_spii_uuid4
  • r_str_dport
  • r_str_dst
  • r_str_ipp
  • r_str_sport
  • r_str_src
  • r_user
  • record
  • red
  • refresh
  • reject
  • routers
  • r_crule
  • r_ctimeout
  • r_ctype
  • r_curr_feature_id
  • r_data_offset
  • r_dtmatch
  • r_dtmflags
  • r_entry
  • r_g_offset
  • r_ipv6
  • r_mapped_ip
  • r_mflags
  • r_mhandler
  • r_mtimeout
  • r_oldcdir
  • r_pflags
  • r_profile_id
  • r_ro_client_community
  • r_ro_dst_sr
  • r_ro_server_community
  • r_ro_src_sr
  • r_scvres
  • r_server_community
  • r_server_ifs_grp
  • r_service_id
  • r_simple_hdrlen
  • r_spii_ret
  • r_spii_tcpseq
  • r_spii_uuid1
  • r_spii_uuid2
  • r_spii_uuid3
  • sat
  • Sat
  • saturday
  • Saturday
  • second
  • sep
  • Sep
  • september
  • September
  • set
  • setstate
  • skipme
  • skippeer
  • sr
  • src
  • static
  • sun
  • Sun
  • sunday
  • Sunday
  • switchs
  • sync
  • targets
  • thu
  • Thu
  • thursday
  • Thursday
  • to
  • tod
  • tue
  • Tue
  • tuesday
  • Tuesday
  • ufp
  • vanish
  • vars
  • wasskipped
  • wed
  • Wed
  • wednesday
  • Wednesday
  • while
  • xlatedport
  • xlatedst
  • xlatemethod
  • xlatesport
  • xlatesrc
  • xor
  • year
  • zero
  • zero_ip

Reserved words in the new CPM server added in R80

  • CPM
  • Global

Days of weeks

  • mon
  • Mon
  • monday
  • Monday
  • tue
  • Tue
  • tuesday
  • Tuesday  
  • wed
  • Wed
  • wednesday
  • Wednesday  
  • thu
  • Thu
  • thursday
  • Thursday
  • fri
  • Fri
  • friday
  • Friday
  • sat
  • Sat
  • saturday
  • Saturday
  • sun
  • Sun
  • sunday
  • Sunday

 

Months

  • jan
  • Jan
  • january
  • January
  • feb
  • Feb
  • february
  • February
  • mar
  • Mar
  • march
  • March
  • apr
  • Apr
  • april
  • April
  • may
  • May
  • jun
  • Jun
  • june
  • June
  • jul
  • Jul
  • july
  • July
  • aug
  • Aug
  • august
  • August
  • sep
  • Sep
  • september
  • September
  • oct
  • Oct
  • october
  • October
  • nov
  • Nov
  • november
  • November
  • dec
  • Dec
  • december
  • December

 

Time reference

  • date
  • day
  • month
  • year

 

Colors

To be on a safe side, avoid any gradients of the colors listed below (e.g., dark, light, medium, etc).

  • black
  • blue
  • cyan
  • dark
  • firebrick
  • foreground
  • forest
  • gold
  • gray
  • green
  • magenta
  • medium
  • navy
  • orange
  • red
  • sienna
  • yellow

 

Special characters

Special characters are not supported (in languages such as French, Spanish, German, Japanese) for versions below R80.

Examples: Æ, ç, ê, ü, etc.

Refer to sk131473 - Naming of network objects on R80.x Security Management server

Scoped reserved words

  • Account
  • Alert
  • Auth
  • AuthAlert
  • Duplicate
  • gateways
  • host
  • Long
  • Mail
  • netobj
  • resourceobj
  • routers
  • servers
  • servobj
  • Short
  • SnmpTrap
  • spoof
  • spoofalert
  • targets
  • tracks
  • ufp
  • UserDefined

 

List Prefixes

  • dynobj_list
  • full_service_list
  • ip_list
  • rulenum_list
  • service_list
  • target_list
  • tcpt_list
  • valid_addrs_list

 

Object Names

Note: Using these Object Names will cause policy installation to fail.

  • ipv6
  • block
  • cp_mgmt 

 

Object Names that can potentially cause a security risk

Note: Using these Object Names can potentially open up your Security Gateway to more than you might expect.

  • Anything with the name of a pre-defined service
  • firewall-1
  • fw1
  • FW1
  • fw-1
  • mail
  • smtp

 

Names of IPS protections

Name of any Object / User can not be identical to a name of some IPS protections as defined in the $FWDIR/conf/inspect.C file on Security Management Server / Multi-Domain Security Management Server (you can also refer to the C:\Program Files (x86)\CheckPoint\SmartConsole\<RXX>\PROGRAM\data\cpml_dir\conf\AdvancedDB\inspect.C file on SmartConsole computer).

Example of names (from "inspect.C" file) that will be rejected by SmartDashboard:

  • art
  • dns_atma
  • wmp_sami
  • rtf

Note: If you get a warning "Name already used!" in SmartDashboard, then check the "inspect.C" file.

 

LTE reserved words

  • Anything with the name of a pre-defined service
  • sctp
  • rpc
  • diameter
Imported from Nokia support database
Applies To:
  • This solution integrates sk6648
  • This solution integrates 36.0.89127.2471605
  • 01215461

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment