Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Keywords

Description
The following keywords should not be used to represent any user defined object in a FireWall-1 installation:

Short, Long, Account, Alert, SnmpTrap, Mail, UserDefined, spoof, spoofalert, Auth, AuthAlert, Duplicate basewin, serviceswin, netobjwin, viewwin, users, resources, time, true, false, last, first, status_alert, fwalert

If any of these keywords are used to represent either a network or a service object and are subsequently used in a security policy, FireWall-1 will interpret the object definition as "undefined". If no other object is used either in the source/destination or service field of the rule, then the default address definition of "ANY" is used for that particular field. Since most keywords on this list are typically not used to describe network or service objects, the probability of this occurring in your network is very low.

Recommendations
If any of these keywords are defined as network objects or service objects and used in a rule base, then the object should be renamed and the security policy reloaded.

Additional Notes
Mechanisms are being built into future releases of FireWall-1 to prevent using these keywords as user defined objects.