Group table:
Note:
Optionally groups can be created and updated via web interface on manage connections.
Further information can be found here.
Example:
GroupName;IPranges ;Comment ;eMail ;Expiration
License ;* COMPUTER1 My_Company-My_Name K6IKh7Tm0Mpq4PG3ox4zgtpyxkc8BKhWvRYMbc0/b9eGaqYaT5eDb53o0HrnIBrS;Invalid License;
PrxFilter;*.com,*.at,127.0.0.0/8 ;Sample proxy ;
Test1 ;148.56.1.1-148.56.2.2,1.1.1.1 ;Test1 ; ;2020-01-01
Test2 ;148.56.1.0/24, FE00:1:4::/46 ;Test2 with subnets ; ;
P_Web ;80-82,443 ;Ports to listen ; ;
Test2 ;1.2.3.4-1.2.3.5,1.2.3.255,*.orf.at,www.aon.at ;Allowed URLs for Proxy ; ;
Clients ;reinhold.leitner@aon.at, *@mycompany.com ;Allowed email addresses in certificates; ;T_Clients
ProjA ;reinhold.leitner@aon.at, test@aon.at ;MCHK:*@aon.at, ACL in eMail ;reinhold.leitner@aon.at;
GroupeName ... The name of a group must not contain following characters: \ / . : * ? " < > | ' , ; ! @
If group name ends with #logingroup this login-group will be added internally to all email addresses within this group where no login-group has been specified
IPranges ... comma separated list of IP addresses, range of IP addresses, IP subnets, email addresses (lowercase!), GroupNames.
The maximum nesting depth of groups is 5.
For MIM, PRX and SAP router:
- DNS names are allowed also (may start with * for wildcard)
- Allowed port may be append (separated by !), e.g. localhost!88, 145.22.11.3!443, 10.10.1.1-10.10.1.20!3389, ::1!80
Comment ... any comment (optional), may contain the keyword MCHK:list, see Updating the Group Table
eMail ...comma separated list of email names or groups that contain emails, used to:
..... check privilege for group update via status links and for notification of expiration, see Updating the Group Table
..... send mails for notification when rule expires (see also Group Notify)
Expiration: Time, when group will be disabled, usually format YYYY-MM-DD HH:MM:SS (date is mandatory, time may be omitted) or
* or empty (no expiration) or
name of a Timer Group (name must start with "T_").
The state of a group is checked when it is used in:
- routing table field SourceIP
- routing table field eMail (for notification)
- routing table field DestinationIP when the keyword PRX, SAPR or UDDEST is specified
- routing table field Type, keywords CCR, DELETE, MSG, NOTIFYS, NOTIFYT, OTPU and UIDN
- group table field eMail (for web update and notification)
Expiration is not allowed for special groups (except for "K_", "M_", "O_" "R_" and "X_" groups, see below).
Expiration is checked every timer interval, see keyword TINT.
Special Groups:
Group License: IPranges: License data
Group Notify: IPranges: Keywords to enable mail notification for expired reverselogon certificates, rules and groups and for the keywords NOTIFYS and NOTIFYT
Group Title: IPranges: Title text for menu, may contain html formatting.
Group StyleColors: IPranges: List of styles
Group names with second character _ are reserved for special groups, following groups are defined:
Summary:
Group names may be specified within following fields of the routing table:
SourceIP: group may contain comma separated list of IP addresses, ranges of IP addresses, email addresses (may contain one or more * for wildcard, e.g. *@aon.at, ab*x@mycompany.com, *.mgmt.*@x.com)
GatewayPort (group name must start with "P_"): group may contain list of ports, ranges of ports
DestinationIP (for Type PRX, SAP and UDDEST): may contain comma separated list of IP addresses, ranges of IP addresses, DNS names (may start with * for wildcard)
Type: as parameters in following keywords (special groups see above):
CCR and CCR2: list of email addresses (may contain one or more * for wildcard, e.g. *@aon.at, ab*x@mycompany.com, *.mgmt.*@x.com)
OA2U and OTPU: list of email addresses (may contain one or more * for wildcard, e.g. *@aon.at, ab*x@mycompany.com, *.mgmt.*@x.com)
MIM: exclude list for MIM processing
NOTIFYS and NOTIFYT: list of email addresses to send notifications
UIDN: list of email addresses to define access rights
eMail: comma separated list of email addresses (wildcards are supported).
Group names may be specified within following fields of the group table:
eMail: comma separated list of email addresses (wildcards are supported). See also Updating the Group Table
If a line starts with #, the line will not be processed (comment). Caution: It will be removed when updating the group table via web interface!
If GroupName is empty then this is a continuation line for field IPranges and Comment field (not valid for group License).
Lines with empty GroupName at the beginning of the group table will be ignored.
Example:
GroupName;IPranges ;Comment ;eMail ;Expiration
Test1 ;148.55.0.1-148.56.2.2 ;myComment1 ; ;
;1.1.1.7,1.1.1.8,1.1.1.9 ;myComment2 ; ;