Security Gateway and Security Management have some reserved words and characters, which cannot be used in SmartConsole.

Important: The list of words is partial. It is dynamic and no one ever presumed to populate it so it will include all cases.

The characters and reserved words listed below should not be used within objects definition (i.e., Network Objects, Users, Groups, etc.).

Table of Contents:

• Illegal characters
• INSPECT reserved words
• Reserved words in CPM server
• Days of weeks
• Months
• Time reference
• Colors
• Special characters
• Scoped reserved words
• List Prefixes
• User Names
• Object Names
• Object Names that can potentially cause a security risk
• Names of IPS protections
• LTE reserved words

 

Illegal characters

(space) + (plus sign) * (asterisk) ( (left parenthesis) ) (right parenthesis) { (left curly brace) } (right curly brace) [ (left square bracket) ] (right square bracket)    ? (question mark)

! (exclamation mark) # (number/pound sign)    < (less-than sign) > (greater-than sign) = (equals sign) , (comma) : (colon) ; (semi-colon) ' (single quote) " (double quote)

` (back quote) / (slash) \ (backslash) \t (horizontal tabulation) @ (at sign) $ (dollar sign) % (percent sign) ^ (caret) | (vertical bar, pipeline) & (ampersand) ~ (tilde)

Object definition can not start with "[S|s][R|r]n", where "n" is a decimal number between 0 and 15 (e.g., can not start with SR1, Sr4, sR9, etc.).

Note: The "-" (dash) sign is used in INSPECT code as a word separator, and any string that is in the form of: "<characters>-<reserved word>" cannot be used (e.g., the name "something-inbound").

 

INSPECT reserved words  

accept all All and any Any apr Apr april April aug Aug august August black blackboxs blue broadcasts call comment conn date day debug dec Dec december December deffunc define delete delstate direction do domains drop dst dynamic edge else expcall expires export fcall feb Feb february February firebrick

foreground forest format fri Fri friday Friday from fw1 FW1 fwline fwrule gateways get getstate gold gray green hashsize hold host hosts if ifaddr ifid implies in inbound instate interface interfaces ipsecdata ipsecmethods is  jan Jan january January jul Jul july July jun Jun june June kbuf keep limit

local localhost log LOG logics magenta mar Mar march March may May mday medium modify mon Mon monday Monday month mortrap navy netof nets nexpires not nov Nov november November oct Oct october October or orange origdport origdst origsport origsrc other outbound packet packetid packetlen pass r_arg r_call_counter r_cdir

r_cflags r_chandler r_client_community r_client_ifs_grp r_community_left r_connarg r_spii_uuid4 r_str_dport r_str_dst r_str_ipp r_str_sport r_str_src r_user record red refresh reject routers r_crule r_ctimeout r_ctype r_curr_feature_id r_data_offset r_dtmatch r_dtmflags r_entry r_g_offset r_ipv6 r_mapped_ip r_mflags r_mhandler r_mtimeout r_oldcdir r_pflags r_profile_id r_ro_client_community r_ro_dst_sr r_ro_server_community r_ro_src_sr r_scvres r_server_community r_server_ifs_grp r_service_id r_simple_hdrlen r_spii_ret r_spii_tcpseq r_spii_uuid1 r_spii_uuid2 r_spii_uuid3

sat Sat saturday Saturday second sep Sep september September set setstate skipme skippeer sr src static sun Sun sunday Sunday switchs sync targets thu Thu thursday Thursday to tod tue Tue tuesday Tuesday ufp vanish vars wasskipped wed Wed wednesday Wednesday while xlatedport xlatedst xlatemethod xlatesport xlatesrc xor year zero zero_ip

Reserved words in CPM server

• CPM
• Global
• Web

Days of weeks

mon Mon monday Monday tue Tue tuesday Tuesday   wed Wed

wednesday Wednesday   thu Thu thursday Thursday fri Fri friday

Friday sat Sat saturday Saturday sun Sun sunday Sunday

 

Months

jan Jan january January feb Feb february February mar Mar march March

apr Apr april April may May jun Jun june June

jul Jul july July aug Aug august August sep Sep september September

oct Oct october October nov Nov november November dec Dec december December

 

Time reference

• date
• day
• month
• year

 

Colors

To be on a safe side, avoid any gradients of the colors listed below (e.g., dark, light, medium, etc).

• black
• blue
• cyan
• dark
• firebrick
• foreground
• forest
• gold
• gray
• green
• magenta
• medium
• navy
• orange
• red
• sienna
• yellow

 

Special characters

Special characters are not supported (in languages such as French, Spanish, German, Japanese) for versions below R80.

Examples: Æ, ç, ê, ü, etc.

Refer to sk131473 - Naming of network objects on R80.x Security Management server

Scoped reserved words

• Account
• Alert
• Auth
• AuthAlert
• Duplicate
• gateways
• host
• Long
• Mail
• netobj
• resourceobj
• routers
• servers
• servobj
• Short
• SnmpTrap
• spoof
• spoofalert
• targets
• tracks
• ufp
• UserDefined

 

List Prefixes

• dynobj_list
• full_service_list
• ip_list
• rulenum_list
• service_list
• target_list
• tcpt_list
• valid_addrs_list

 

User Names

• admin
• fwadmin

 

Object Names

Note: Using these Object Names will cause policy installation to fail.

• iot
• ipv6
• block
• cp_mgmt

 

Object Names that can potentially cause a security risk

Note: Using these Object Names can potentially open up your Security Gateway to more than you might expect.

• Anything with the name of a pre-defined service
• firewall-1
• fw1
• FW1
• fw-1
• mail
• smtp

 

Names of IPS protections

Name of any Object / User can not be identical to a name of some IPS protections as defined in the $FWDIR/conf/inspect.C file on Security Management Server / Multi-Domain Security Management Server (you can also refer to the C:\Program Files (x86)\CheckPoint\SmartConsole\<RXX>\PROGRAM\data\cpml_dir\conf\AdvancedDB\inspect.C file on SmartConsole computer).

Example of names (from "inspect.C" file) that will be rejected by SmartDashboard:

• art
• dns_atma
• wmp_sami
• rtf

Note: If you get a warning "Name already used!" in SmartConsole, check the inspect.C file.

 

LTE reserved words

• Anything with the name of a pre-defined service
• sctp
• rpc
• diameter

Imported from Nokia support database