Search Engine
In each view you can search the Security Management Server database for information relevant to the view. For example:
- Gateway, by name or IP address
- NAT rule
- Threat Prevention profile
- Specific threat or a threat category
- Object tags
You can search for an object in the Security Management Server database in two ways:
- Enter the prefix of the object's name. For example, to find USGlobalHost, you can enter USG in the search box.
- Enter any sequence of characters from the object's name, with an asterisk (*) before the sequence.
  For example, to find USGlobalHost, you can enter *oba, *host, *SG and so on in the search box.
IP Search
You can run an advanced search for an IP address, network, or port. It returns direct and indirect matches for your search criteria.
- IP address: xxx.xxx.xxx.xxx
- Network: xxx.xxx.0.0/16 or xxx.xxx
- Port: svc:<xxx>
These are the different IP search modes:
- General - (Default) Returns directly matched results and indirect results in IP ranges, networks, groups, groups with exclusion, and rules that contain these objects.
- Packet - Matches rules as if a packet with your IP address arrives at the Security Gateway.
General IP Search
This is the default search mode. Use it to search in Rule Bases and in objects. If you enter a string that is not a valid IP or network, the search engine treats it as text.
When you enter a valid IP address or network, an advanced search is done on these objects and rules:
- Objects that have the IP address as a text value, for example, in a comment
- Objects that have an IP address property (direct results)
- Groups, networks, and address ranges that contain objects with the text value or address value
- Rules that contain those objects
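The General search behaviour described above can be modelled offline, for example when reviewing which rules reference an address directly or through containers. The following Python model is an added example, not Check Point code: the object names, the rule layout and the `general_search` and `text_search` functions are assumptions, and the sample data is constructed.

```python
import ipaddress

# Constructed sample data; every object and rule name here is hypothetical.
OBJECTS = {
    "USGlobalHost": {"ip": "10.1.2.3"},
    "LegacyDB": {"ip": "192.168.7.9", "comment": "replaced 10.1.2.3"},
    "US_Net": {"cidr": "10.1.0.0/16"},
    "DMZ_Range": {"range": ("172.16.0.10", "172.16.0.20")},
    "US_Group": {"members": ["USGlobalHost"]},
    "All_Sites": {"members": ["US_Group", "DMZ_Range"]},
}
RULES = {1: ["US_Group", "Any"], 2: ["DMZ_Range", "Any"], 3: ["Any", "US_Net"], 4: ["All_Sites", "Any"]}


def text_search(query):
    """Name search: prefix by default, any position when the query starts with '*'."""
    q = query.lower()
    if q.startswith("*"):
        return sorted(n for n in OBJECTS if q[1:] in n.lower())
    return sorted(n for n in OBJECTS if n.lower().startswith(q))


def general_search(query):
    try:
        addr = ipaddress.ip_address(query)
    except ValueError:
        return {"names": text_search(query)}  # not a valid IP: treated as text
    text_value, ip_property, containers = set(), set(), set()
    for name, obj in OBJECTS.items():
        if "ip" in obj and ipaddress.ip_address(obj["ip"]) == addr:
            ip_property.add(name)
        elif query in obj.get("comment", ""):
            text_value.add(name)
        elif "cidr" in obj and addr in ipaddress.ip_network(obj["cidr"]):
            containers.add(name)
        elif "range" in obj:
            first, last = map(ipaddress.ip_address, obj["range"])
            if first.version == addr.version and first <= addr <= last:
                containers.add(name)
    while True:  # a group matches when any member matched; repeat for nested groups
        matched = text_value | ip_property | containers
        new = {n for n, o in OBJECTS.items() if matched & set(o.get("members", []))} - matched
        if not new:
            break
        containers |= new
    # "Any" is not matched here: the page lists it under Packet Search only.
    rules = sorted(no for no, cells in RULES.items() if matched & set(cells))
    return {"text_value": sorted(text_value), "ip_property": sorted(ip_property),
            "containers": sorted(containers), "rules": rules}
```

For the constructed data, `general_search("10.1.2.3")` returns rules 1, 3 and 4 but not rule 2, whose only possible match would be "Any".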
Packet Search
A Packet Search matches rules as if a packet with your IP address arrives at the Security Gateway.
It matches rules that have:
- The IP address in a column of the rule
- "Any"
- A Group-with-exclusion or negated field with the IP address in its declaration
To run a Packet Search:
- Click the search box.
  The search window opens.
- Click Packet or enter: "mode:Packet"
- To search a specific rule column, enter: ColumnName:Criteria
Rule Base Results
When you enter search criteria and view the matched results, the value that matched the criteria in a rule is highlighted.
| If there is... | This is highlighted |
|---|---|
| A direct match on an object name or on textual columns | Only the specific matched characters |
| A direct match on object properties | The entire object name |
| A negated column | The negated label |
| A match on "Any" | "Any" |
Known Limitation:
- Packet search does not support IPv6.