Can't import newly created ASCII URI Specification file

[RBambrah]

Hi Everyone,

I have a strange problem importing a NEW ASCII URI specification file to block certain URLs. When I try to import I get an error "can't open the source file" and ends up with "import operation failed". I try creating the file on both XP and Vista but same issue.

We are running NGX R62 on Nokia IP 260,
IPSO-4.2-BUILD038-03.23.2007-225808-1515

Do I need to enable or disable something, somewhere.
I have also setup a rule for blocking downloads as a URI resource and works like a charm

Any help or guidence is appriciated

Thanks
RBambrah

[MarioL]

Not sure if the import is from the GUI machine or SmartCenter server, but if it's on the server, check file permissions and also maybe use VI to check that the format is right. Windows and Unix have different escape "CR" characters.

[RBambrah]

Thanks Mario,

We are running everything on the appliance and I'm creating a brand new file not editing the existing one and creating on my Vista.

Is there a default file I can download and edit if yes where can I find it

Thanks again
RBambrah

[MarioL]

Well the problem might be file format, not sure. It's supposed to be:
ip-address /path category

Example:
1.1.1.1 /games 1
ww w.google.com 1

(space is so the board doesnt put it as a link)

Category is not currently used, according to the help.

From Check Point Help stuff:
"The URI specification file is an ASCII file consisting of a list of lines. Each line has the format

ip-address /path category

ip-address is the IP address of the web server t be matched. Host names can be used, but DNS must be enabled and configured on the VPN-1 gateway.

/path is optional. Use it to restrict a particular directory in a site.

category can be any Hex number. It is not currently used."

[RBambrah]

Thanks Again Mario,

Yes I'm following the CP guidelines but no luck...Anyway..I'm not sure if you are comfotable looking at my file. you can view it here

bambrah.com/docs/block.zip

Thanks

[MarioL]

Just checked the file, I'd remove the "/" and the "\n".

So it would read:
1.1.1.1 1
2.2.2.2 1
3.3.3.3 1

etc

[RBambrah]

Mario,

I modified the file but no luck...same error "can't open the source file"

Do I need to rename the extension? e.g .c or .xml etc ?

where does the file reside (directory) once you import successfully.

Modified version: bambrah.com/docs/URL.zip

Thanks
RBambrah

[MarioL]

Don't think you need any extension, also no idea where it resides after import.

You need one more change to the file, add a space and the number "1" at the end of all lines, like:
209.202.220.97 1
64.58.76.99 1
etc...

Otherwise you don't comply with the format.

To be honest, if I was you, given the number of sites (few), I'd actually create a resource for each, using domain name, and then put the all in a group and block them like that.

[RBambrah]

I have already defined that blocked group by domain names and works fine but I want to display a company policy disclaimer through that Replacement URI option in URI resource, which domain Block group don't offer.

Also ebay.com and some other domain blocking don't work with domain blocking defined group under DNS blocking

I also modified the file but no luck uploading, same error

[MarioL]

It might be permissions on the file or directory, where do you have the file and what permissions do you have on it?

[RBambrah]

I'm loggin in as administrator and that was one my original questions that I want to know where this file resides on the appliance so I can check the permissions or rights on it..I'm creating a new file on my laptop not exporting or modifying the old one and thats when I'm having a problem importing a new file in CP...saying can't open the resource file & import operation failed

[browntc]

This is a known issue with R62. The ascii file needs to be in the c:\program files\checkpoint\smartconsole\r62\program directory for the file to be imported successfully.