ApplicGate
(v12.0.8874.35714 started 2024-04-18 18:00:37 on VM2)

The field UID (Unique IDentity) gives each routing table entry a unique reference for its whole lifetime and is used to build links.

Uniqueness is checked when the table is loaded. Duplicate entries are shown by the function Statistics.
UID may consist of up to 3 strings:
- main: defines a group of routing entries
- sub: defines a specific entry within the group
- shortcut: should connect to the routing entry, e.g.
-- http(s) links, links to .RDP or .VNC files for remote desktop connections, links to .bat files with "NET USE" commands to connect to file shares, etc.
-- Shortcuts starting with "cmd:", "cmdb:" or "share:" for commands to be executed when the keyword SCST is defined.
main, main.sub or main/sub must be unique.

An overview of shortcut generation can be found here.

If links for documentation and links for shortcuts should be built:
- The keyword UIDN must be defined for this UID (see below).
- The routing entry (where the keyword UIDN is specified) must have an entry in the eMail field and in the UID field.
- The path is retrieved from the field linkToDocumentation of keyword UIDN.
- If this path ends with "/" the main field of UID will be added to the link.
- If this path does not end with "/" the main field of UID will not be added to the link.
UID:               generated links for:   path ends with "/":         path does not end with "/":
main               main                   path/main                   path
main~shortcut      main                   path/main                   path
                   shortcut               path/main/shortcut          path/shortcut
main.sub           main                   path/main                   path
main.sub~shortcut  main                   path/main                   path
                   shortcut               path/main/sub.shortcut      path/sub.shortcut
main/sub           main                   path/main                   path
                   sub                    path/main/sub               path/sub
main/sub~shortcut  main                   path/main                   path
                   sub                    path/main/sub               path/sub
                   shortcut               path/main/sub/shortcut      path/sub/shortcut
Note: If routing entries are shown with "minimum display", shortcuts are displayed in the separate column "Shortcut".

If a shortcut starts with the string "cmd:", "cmdb:", "share:", "file:", "http://" or "https://":
- The UIDN field linkToDocumentation is not used to construct the link, the shortcut is the complete link
- cmd: ... if keyword SCST is defined: The command will be executed; the strings %ip% and %port% will be replaced with the actual values.
--- Examples:
---- Shortcut to start PuTTY: cmd:putty -P %port% %ip%
---- Shortcut to start RDP: cmd:mstsc /v:%ip%:%port%
- cmdb: ... if keyword SCST is defined: The command will be inserted into a temporary .bat file, then the .bat file will be executed.
--- The strings %ip% and %port% will be replaced with the actual values.
--- At the end of the .bat file the command pause will be inserted. This allows the user to see the result of the command.
--- Example:
---- Shortcut to map a network share: cmdb:net use * \\%ip%\ApplicGate * /User:Comp1\User2
- share:sharename user ... if keyword SCST is defined: The command "NET USE" to map a network drive will be inserted into a temporary .bat file, then the .bat file will be executed.
--- The user will be prompted to specify the password of the user.
--- At the end of the .bat file the command pause will be inserted. This allows the user to see the result of the command.
--- Up to two additional arguments for the "NET USE" command may be added.
--- As default the argument "/Persistent:no" will be added, it may be overwritten.
--- Example (short form of the example above):
---- share:ApplicGate Comp1\User2
- file: ... reference to a file. Caution: Most browsers restrict access to such "file:" links.
- http:// or https:// ... links executed by the browser
--- The first "*" will be replaced by GatewayIP:GatewayPort
--- Example: http://*/abc
Further hints for autologon clients can be found here.

Keyword UIDN:uidname!AuthorizedUsers!linkToDocumentation!ManagementLocation ... to specify links to documentation and shortcuts for routing entries
- Can be specified in any routing entry, specify only one entry per UID with identical main part.
- uidname ... long text for all UID entries with same main part, used to generate the UID list
- AuthorizedUsers ... Email addresses of users who are allowed to see the UID list (must be logged on).
- linkToDocumentation ... optional, used to build links for UID field, must start with "http://", "https://" or "file://"
-- if linkToDocumentation ends with / the main field of UID will be added to the link
-- if linkToDocumentation does not end with / the main field of UID will not be added to the link
-- Examples for linkToDocumentation: http://server/Doc/123 , https://x.y.com/Doc/123/ , file://server/myshare/4711
- ManagementLocation ... optional, name of location where this UID is managed, see keyword PRJUPD
Note: The routing entry (where the keyword UIDN is specified) must have an entry in the eMail field (responsible for this group of routing entries) and in the UID field!

Example:
SourceIP   ;GatewayIP  ;GatewayPort;GatewayIP2;DestinationIP;DestinationPort;Expiration;Type                                 ;UID               ;Comment   ;eMail
*          ;127.0.0.1  ;99         ;manage    ;300          ;30             ;*         ;LGS                                  ;MGMT              ;Management;mike@x.com
*@x.com    ;192.168.1.1;200        ;*         ;10.10.10.10  ;3389           ;          ;UIDN:Test!*@x.com!file://myServer/SC/;T10.101~SRVT.RDP  ;RDP       ;john@x.com
*@x.com    ;192.168.1.1;82         ;*         ;10.10.10.10  ;80             ;          ;                                     ;T10.102~http://*/A;Web       ;john@x.com
sarah@x.com;192.168.1.1;445        ;*         ;10.10.10.10  ;*              ;          ;                                     ;T10.103~ShareD.bat;FileShare ;mary@x.com
*@*        ;192.168.1.2;445        ;*         ;10.10.10.12  ;*              ;          ;                                     ;T10/123~ShareE.bat;FileShare ;john@x.com
*@x.com    ;192.168.1.1;300        ;*         ;10.10.10.10  ;3389           ;          ;UIDN:Pro12!*@x.com!file://myServer2/P;P12.101~SRVP.RDP  ;RDP       ;john@x.com

 The links in the UID column will resolve as follows:
 T10        --> file://myserver/SC/T10
 P12        --> file://myserver2/P
 123        --> file://myserver/SC/T10/123
 SRVT.RDP   --> file://myserver/SC/T10/101.SRVT.RDP
 http://*/A --> http://192.168.1.1:82/A
 ShareD.bat --> file://myserver/SC/T10/103.ShareD.bat
 ShareE.bat --> file://myserver/SC/T10/123/ShareE.bat
 SRVP.RDP   --> file://myserver2/P/101.SRVP.RDP
 Note: There are no links for 101, 102 and 103!
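
The link rules above, applied to four rows of the example table, as an added example in Python (not ApplicGate's own code). The function names, the tuple layout of ROWS and the assumption that UIDN is the only keyword in the Type field are illustrative; host names keep the case in which they were entered.

```python
import re

# Shortcuts with these prefixes are complete links; linkToDocumentation is unused.
COMPLETE = ("cmd:", "cmdb:", "share:", "file:", "http://", "https://")

# Constructed sample: (GatewayIP, GatewayPort, Type, UID) from the example table.
ROWS = [
    ("192.168.1.1", "200", "UIDN:Test!*@x.com!file://myServer/SC/", "T10.101~SRVT.RDP"),
    ("192.168.1.1", "82", "", "T10.102~http://*/A"),
    ("192.168.1.2", "445", "", "T10/123~ShareE.bat"),
    ("192.168.1.1", "300", "UIDN:Pro12!*@x.com!file://myServer2/P", "P12.101~SRVP.RDP"),
]

def split_uid(uid):
    """Split a UID into (main, separator, sub, shortcut)."""
    head, _, shortcut = uid.partition("~")
    main, sep, sub = re.match(r"([^./]*)([./]?)(.*)", head).groups()
    return main, sep, sub, shortcut

def resolve(uid, path, gw_ip, gw_port):
    """Return {label: link} for one UID, following the link table above."""
    main, sep, sub, shortcut = split_uid(uid)
    # A trailing "/" on linkToDocumentation means the main part is appended.
    base = path + main if path.endswith("/") else path
    links = {main: base}
    if sep == "/":  # only main/sub gets a link for sub; main.sub does not
        links[sub] = f"{base}/{sub}"
    if shortcut.startswith(COMPLETE):
        link = shortcut
        if shortcut.startswith(("http://", "https://")):
            # Only the first "*" becomes GatewayIP:GatewayPort.
            link = shortcut.replace("*", f"{gw_ip}:{gw_port}", 1)
        links[shortcut] = link
    elif shortcut:
        prefix = {"": "", ".": sub + ".", "/": sub + "/"}[sep]
        links[shortcut] = f"{base}/{prefix}{shortcut}"
    return links

def resolve_all(rows):
    """Resolve each row with the linkToDocumentation of its UIDN group."""
    paths = {}
    for _, _, type_field, uid in rows:
        # Assumption: UIDN is the only keyword in the Type field.
        fields = type_field.split("!")
        if fields[0].startswith("UIDN:") and len(fields) > 2 and fields[2]:
            paths[split_uid(uid)[0]] = fields[2]
    return {uid: resolve(uid, paths[split_uid(uid)[0]], ip, port)
            for ip, port, _, uid in rows if split_uid(uid)[0] in paths}
```
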

Keyword DOCURL:GeneraLinkToDocumentation ... to specify links to documentation for routing entries (especially for the system administrator):
- GeneraLinkToDocumentation must start with "file:", "http://" or "https://".
- The keyword must be defined in a "manage" entry: Specify DOCURL only once, then this link is used in all routing entries where an UID is specified.
- If the keyword DOCURL is defined and if the session has the manage right:
- The separator after main (".", "/" or "~") points to the following link:
-- If GeneraLinkToDocumentation ends with "/": The link is "GeneraLinkToDocumentation/main".
-- If GeneraLinkToDocumentation does not end with "/" : The link is "GeneraLinkToDocumentation". UID field "main" is not added!

The UID list will be generated automatically using the keyword UIDN.
This list also shows the last usage of any routing entry belonging to such an UID list entry.
Prerequisite is that the user of such a routing entry is known (logon or client certificate).
The usage information (if there is any) will be sent within the expiration email.
If the usage of a routing entry should not be recorded, the keyword NOUMON must be specified in that routing entry.

The UID list can be retrieved via the following links:
UID List (all users) ... complete list of UIDs.
UID List (my logon) ... list of UIDs where access is given dependent on the current logon.
uidrpr ... lists http(s) shortcuts only, prerequisites:
- Keyword REVPR must be specified.
- The connection must be authenticated by a client certificate.

Special considerations when using a link with https:
Names should be used instead of IP addresses; otherwise the browser will issue a warning message.
Direct links:
- The name must be defined and resolve to the IP address.
Links via REVPR (connected using TLS and authenticated via a certificate):
- Links will be constructed using the IP address and the Application Gateway connects via TLS on behalf of the source to the target.
- Therefore client certificates cannot be requested by the target because the Application Gateway does not have any for this link.
Links via autologon clients:
- Links will be constructed using the local IP address because the name cannot be resolved to the local address.
- Therefore the browser will issue a warning message.
- A possible future option would be to generate appropriate hosts file entries or convert the link to http locally and let the Application Gateway connect using TLS.
- Or insert the necessary hosts file entry manually and define a shortcut or favorite of your own.
reinhold.leitner@applicgate.com (C) April 2024
www.applicgate.com