Checkpoint Naming Convention
Checkpoint Naming Convention
Before deciding on a naming convention for a particular system, it better to know what the reason behind it. Naming Convention creates corporate standard, which everyone observes and understand easily.
Good naming convention is something a HelpDesk person, Firewall expert or External Consultant can all understand by just looking at it without having to read a complex documentation. Easy naming conventions can be easily adopted in any organisations as it's simple - KISS concept.
It helps everyone by making it easy reading in the logs, and easy to search when creating log filters by scrolling down. Having simpler names for Firewall, Networks, Group, Nodes can create confusion and at worst valuable time, which can be lost when system is down. When you have objects all over the place, it's better to standardise for the future and ease of management.
It's better to keep things simple - KISS, following is a simple guide i.e. resourcetype_name_ip or resourcetype_Locations_name_ip, which you can adopt or change to meet your corporate requirements. Standardisation creates a good understanding and not conflict as different people will have different method of doing things.
Golden Rule - Document it first, circulated it via e-mail requesting feedback and changes and then create the final standardisation document, which will have everyone's feedback and makes the part of everyone.
|
Objects |
|
|
FW_zz_yy_xx |
Firewall object |
|
NET_zz_yy_xx |
Network object |
|
GRP_zz_yy_xx |
Group object |
|
WS_zz_yy_xx |
Workstation object |
|
SVR_zz_yy_xx |
Server objects |
|
Enryption_Domain_zz_yy_xx |
Simple Group - Encryption domain for VPN's object |
|
VIR_zz_yy_xx |
Virtual object |
|
LG_zz_yy_xx |
Logical object |
|
|
|
|
EXT_zz_yy_xx |
Object with External IP / NAT Address |
|
|
|
This enables all the objects to be grouped together and will help when it comes to create new services or using Tracker.
|
Services |
Service_portnumber_What_Is_It_used_for |
|
tcp_8000_Extranet |
TCP Service |
|
udp_9000_autolog |
UDP Service |
|
tcp_8000-8010_Dev |
TCP Services range and purpose |
|
udp_9000-9010_App |
UDP Services range |
|
|
|
This enables all the services to be grouped together and will help when it comes to create new services.
Objects Colouring
Green / Blue / Yellow / - Example of Internal Object / Services
Red / Orange / Burgundy / - Example of External Object / Services