ApplicGate
(v11.1.8216.21656 started 2022-06-30 10:03:49 on VM1)

Group table:
Note:
Optionally groups can be created and updated via web interface on manage connections.
Further information can be found here.

Example:
GroupName;IPranges                                      ;Comment                          ;eMail           ;Expiration
License  ;* COMPUTER1 My_Company-My_Name K6IKh7Tm0Mpq4PG3ox4zgtpyxkc8BKhWvRYMbc0/b9eGaqYaT5eDb53o0HrnIBrS;Invalid License;
PrxFilter;*.com,*.at,127.0.0.0/8                        ;Sample proxy                     ;
Test1    ;148.56.1.1-148.56.2.2,1.1.1.1                 ;Test1                            ;                ;2020-01-01
Test2 ;148.56.1.0/24, FE00:1:4::/46 ;Test2 with subnets ; ;
P_Web ;80-82,443 ;Ports to listen ; ;
Test2 ;1.2.3.4-1.2.3.5,1.2.3.255,*.orf.at,www.aon.at ;Allowed URLs for Proxy ; ;
Clients ;reinhold.leitner@aon.at, *@mycompany.com ;Allowed email addresses in certificates; ;T_Clients
ProjA ;reinhold.leitner@aon.at, test@aon.at ;MCHK:*@aon.at, ACL in eMail ;reinhold.leitner@aon.at;
GroupeName ... The name of a group must not contain following characters: \ / : * ? " < > | ' , ; ! @
The name of a group with source IPs must not contain "." (for better error detection).
If group name ends with #logingroup this login-group will be added internally to all email addresses within this group where no login-group has been specified

IPranges ... comma separated list of IP addresses, range of IP addresses, IP subnets, email addresses (lowercase!).
For PRX and SAP router:
- DNS names are allowed also (may start with * for wildcard)
- Allowed port may be append (separated by !), e.g. localhost!88, 145.22.11.3!443, 10.10.1.1-10.10.1.20!3389, ::1!80

Comment ... any comment (optional), may contain the keyword MCHK:list, see Updating the Group Table

eMail ...comma separated list of email names or groups that contain emails, used to:
..... check privilege for group update via status links and for notification of expiration, see Updating the Group Table
..... send mails for notification when rule expires (see also Group Notify)

Expiration: Time, when group will be disabled, usually format YYYY-MM-DD HH:MM:SS (date is mandatory, time may be omitted) or
* or empty (no expiration) or
name of a Timer Group (name must start with "T_").
The state of a group is checked when it is used in:
- routing table field SourceIP
- routing table field eMail (for notification)
- routing table field DestinationIP when the keyword PRX, SAPR or UDDEST is specified
- routing table field Type, keywords CCR, DELETE, MSG, NOTIFYS, NOTIFYT, OTPU and UIDN
- group table field eMail (for web update and notification)
Expiration is not allowed for special groups (except for "M_" and "X_" groups, see below).
Expiration is checked every timer interval, see keyword TINT.

Special Groups:
Group License: IPranges: License data
Group Notify: IPranges: Keywords to enable mail notification for expired rules and groups and for the keywords NOTIFYS and NOTIFYT
Group Title: IPranges: Title text for menu, may contain html formatting.
Group StyleColors: IPranges: List of styles
Group names with second character _ are reserved for special groups, following groups are defined:
Group name
starting with
Function
A_ACLs for managing EAS users and devices by keyword EASACL
B_EAS DeviceTypes to be blocked by keyword EASBLK
C_Parameters for STARTG and STARTP
H_Additional http headers by keyword ADDH
K_Public key to email mapping for se.SAM Alternative Authentication
M_Messages for logon windows or for remote ApplicGate systems
O_Parameters for OAuth 2.0 authentication
P_List of ports and ranges of ports in GatewayPort
R_Parameters for RADIUS authentication
S_Arguments for keywords where certificates are used
T_Timer Groups
X_Mapping for reverse proxy by keyword PRX

Summary:
Group names may be specified within following fields of the routing table:
SourceIP: group may contain comma separated list of IP addresses, ranges of IP addresses, email addresses (may contain one or more * for wildcard, e.g. *@aon.at, ab*x@mycompany.com, *.mgmt.*@x.com)
GatewayPort (group name must start with "P_"): group may contain list of ports, ranges of ports
DestinationIP (for Type PRX and SAP): may contain comma separated list of IP addresses, ranges of IP addresses, DNS names (may start with * for wildcard)
eMail: may contain comma separated list of email addresses
Keyword ADDH: define additional http headers
Keyword CCR and OTPU: list of email addresses (may contain one or more * for wildcard, e.g. *@aon.at, ab*x@mycompany.com, *.mgmt.*@x.com)
Keywords EASACL and EASBLK ... to define access rights and device lists
Keyword NOTIFYS and NOTIFYT: list of email addresses to send notifications
Keyword UIDN: list of email addresses to define access rights
Group names may be specified within following fields of the group table:
eMail: may contain comma separated list of email addresses (wildcards are supported).

If a line starts with #, the line will not be processed (comment). Caution: It will be removed when updating the group table via web interface!
If GroupName is empty then this is a continuation line for field IPranges and Comment field (not valid for group License).
Lines with empty GroupName at the beginning of the group table will be ignored.
Example:
 GroupName;IPranges                 ;Comment     ;eMail ;Expiration
Test1 ;148.55.0.1-148.56.2.2 ;myComment1 ; ;
;1.1.1.7,1.1.1.8,1.1.1.9 ;myComment2 ; ;
Group names may be specified within field eMail of the group table, see Updating the Group Table

ApplicGate Logo  reinhold.leitner@applicgate.com (C) June 2022
www.applicgate.com