Looking up and managing the custom web service database

This section explains how to look up and manage (import, export and delete) the custom web service database.

IMPORTANT
The custom database always takes priority over the official database: a lookup stops as soon as a match is found in the custom database, so ensure that you keep it up to date.

Looking up the custom web service database

  1. In the SNS firewall's administration interface, go to Configuration > Objects > Web services, List of web services tab.

  2. Custom web services appear below official web services. Hover over one to show its properties, which are taken from the last import.

  3. You can look up the IP addresses and FQDNs of custom web services by exporting the database. To do so, click on Export custom database, accept the download of the CSV file, then locate the desired information in the file.

If no custom web services appear, or if you wish to add, modify or remove a web service from the existing database, you must import a new custom database.

Importing a custom web service database

Before proceeding with any import, take note of the following points:

  • You can have only one custom database on the SNS firewall,

  • Databases are imported with a CSV file containing information about web services,

  • A successful import deletes and replaces the existing custom database. Ensure that the import file contains all the custom web services that you wish to keep, otherwise they will be lost,

  • You can download the existing database by clicking on Export custom database to use it as a template to create the new import file.

Import file: format, structure and limitations

  • The file must be in CSV format,

  • Each line of the file is made up of several fields, all separated by commas,

  • An empty optional field is still delimited by its commas, i.e., it appears as two consecutive commas,

  • The file must contain a blank line after the last entry.

#name,#ip/fqdn,#date,#revision,#comment

Field Description
Service name (mandatory)

Text string meeting the following criteria:

  • Maximum 20 alphanumeric characters,

  • Case insensitive; the name will always be considered in lowercase. Uppercase characters are not kept on the SNS firewall during import.

IP address or FQDN (mandatory)

Public IPv4/IPv6 address or FQDN. An FQDN can contain only one wildcard * at the beginning or middle of its name.

If a web service relies on several IP addresses or several FQDNs, the line that describes it must be duplicated as many times as the number of IP addresses or FQDNs that the web service contains. Only the optional information from the first line will be kept.

Date of revision (optional)

Date and time of revision in YYYY/MM/DD or YYYY/MM/DD hh:mm format (e.g., 2022/10/15 10:30).

Revision number (optional)

Revision number that may contain up to 3 digits: major.minor.patch (e.g., 10.2).

Comments (optional)

Free-form text string that can be placed between quotes if it contains commas.

name1,1.1.1.1,2021/09/21 11:00,1.1.1,Simple case
name2,2.2.2.2,2021/12/31,2,"Comment, with comma"
name2,domain.tld,2022/01/01,3,"Date, revision and comment are discarded"
name3,*.newdomain.tld,,,No date and revision

There are limits as to the number of lines allowed in the import file:

Physical SNS firewalls

  • SN160(W): 5 000

  • SN210(W), SN310: 10 000

  • SN-S-Series-220, SN-S-Series-320, SN510, SN710, SNi20, SNi40: 100 000

  • SN-M-Series-520, SN-M-Series-720, SN910, SN-M-Series-920, SN1100, SN2000, SN2100, SN3000, SN3100, SN6000, SN6100: 1 000 000

Elastic Virtual Appliances (EVA)

  • EVA with 1 GB of RAM: 10 000

  • EVA with 2 GB to 6 GB of RAM: 100 000

  • EVA with 8 GB to 64 GB of RAM: 1 000 000

There is a limit to the possible number of lines containing an FQDN with a wildcard * in the middle: 10% of the number of lines allowed in the import file.
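
The format rules and line limits above can be checked before the file is uploaded. The following validator is an added example, not Stormshield code; its function names are hypothetical, and it assumes that lines starting with # are header lines, that the revision is up to three dot-separated numbers, and that the required blank line means the file ends with a newline.

```python
import csv, io, ipaddress, re
from datetime import datetime

NAME_RE = re.compile(r"[A-Za-z0-9]{1,20}")
HOST_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
REV_RE = re.compile(r"\d+(\.\d+){0,2}")  # assumed reading: up to 3 dot-separated numbers

def check_target(value):
    """Return (error or None, True when an FQDN wildcard is not at the start)."""
    try:
        return (None if ipaddress.ip_address(value).is_global else "address is not public"), False
    except ValueError:
        pass  # not an IP literal: validate it as an FQDN
    if value.count("*") > 1 or value.endswith("*"):
        return "one wildcard at most, at the beginning or middle", False
    if not HOST_RE.fullmatch(value.lower().replace("*", "x")):
        return "not a valid IP address or FQDN", False
    return None, "*" in value[1:]

def valid_date(value):
    fmt = "%Y/%m/%d %H:%M" if " " in value else "%Y/%m/%d"
    try:
        return bool(datetime.strptime(value, fmt))
    except ValueError:
        return False

def validate_import(text, max_lines):
    """Return (line_number, message) tuples; max_lines is the limit for the model."""
    problems, seen, entries, mid = [], set(), 0, 0
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        if not row or row[0].startswith("#"):
            continue  # assumption: blank and '#name,...' header lines are skipped
        n, entries = reader.line_num, entries + 1
        name, target, date, rev, comment = (row + [""] * 5)[:5]
        err, is_mid = check_target(target)
        mid += is_mid
        checks = [(NAME_RE.fullmatch(name), "name: max 20 alphanumeric characters"),
                  (err is None, f"ip/fqdn: {err}"),
                  (not date or valid_date(date), "date: YYYY/MM/DD [hh:mm] expected"),
                  (not rev or REV_RE.fullmatch(rev), "revision: major.minor.patch expected"),
                  (name.lower() not in seen or not (date or rev or comment),
                   "repeated name: date, revision and comment here are discarded")]
        problems += [(n, msg) for ok, msg in checks if not ok]
        seen.add(name.lower())
    limits = [(entries > max_lines, f"{entries} lines exceed the limit of {max_lines}"),
              (mid > max_lines // 10, f"{mid} mid-name wildcard lines exceed 10% of {max_lines}"),
              (not text.endswith("\n"), "no blank line after the last entry")]
    return problems + [(0, msg) for bad, msg in limits if bad]
```

File-level problems are reported with line number 0. Run against the four sample lines shown earlier, it reports only the repeated name2 line, whose date, revision and comment the firewall discards.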

Importing the CSV file

  1. In the SNS firewall's administration interface, go to Configuration > Objects > Web services, List of web services tab.

  2. If a custom database already exists, we recommend that you download a copy of it by clicking on Export custom database.

  3. In the Import custom services tab, Import section, select the import file. If a custom database already exists, the file must contain the web services that you wish to keep, otherwise they will be deleted. Ensure that the web services you are about to delete are no longer used in the configuration of the SNS firewall (filter policy rules, web service groups, etc.).

  4. Click on Import database. The import can be canceled at any time before its completion. If an error appears, take note of it and check your import file. Use a text editor rather than Excel to check the file.

A message will inform you that the import completed successfully. If a custom database already existed, it will be deleted and replaced with the new one.
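
Because a successful import replaces the whole custom database, comparing the exported copy with the new import file shows what would disappear. This is an added example, not part of the Stormshield documentation; the function names and sample rows are constructed, and lines starting with # are assumed to be header lines.

```python
import csv, io
from collections import defaultdict

# Constructed sample: content of the file obtained with "Export custom database".
EXPORTED_SAMPLE = (
    "name1,1.1.1.1,2021/09/21 11:00,1.1.1,Simple case\n"
    "name2,2.2.2.2,2021/12/31,2,\"Comment, with comma\"\n"
    "name2,domain.tld,,,\n"
)
# Constructed sample: the new import file about to replace it.
NEW_SAMPLE = (
    "Name2,2.2.2.2,2022/10/15,3,Updated\n"
    "name2,new.domain.tld,,,\n"
    "name4,4.4.4.4,,,\n"
)

def load_services(text):
    """Map lowercase service name -> set of IP addresses/FQDNs."""
    services = defaultdict(set)
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and not row[0].startswith("#"):
            # Names are case insensitive on the firewall, so compare in lowercase.
            services[row[0].lower()].add(row[1].lower())
    return services

def import_impact(exported_text, new_text):
    """Report what importing new_text would remove, add or change."""
    old, new = load_services(exported_text), load_services(new_text)
    changed = {
        name: {"dropped": sorted(old[name] - new[name]),
               "new": sorted(new[name] - old[name])}
        for name in sorted(old.keys() & new.keys()) if old[name] != new[name]
    }
    return {
        "removed": sorted(old.keys() - new.keys()),  # check filter rules and groups
        "added": sorted(new.keys() - old.keys()),
        "changed": changed,
    }
```

Every name under "removed" is a service to look for in filter policy rules and web service groups before clicking Import database.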

TIP
You can ask Stormshield to add a web service to the official database.

Deleting the custom web service database

  1. In the SNS firewall's administration interface, ensure that the custom web services are no longer used in the configuration of the SNS firewall (filter policy rules, web service groups, etc.).

  2. Go to Configuration > Objects > Web services, List of web services tab.

  3. We recommend that you download a copy of the custom database before deleting it by clicking on Export custom database.

  4. Click on Delete custom database and confirm.