Effective array policy (Enterprise Edition)

ISA Server 2006 Enterprise Edition only

When an array is created, an enterprise policy is applied to the array. If the enterprise administrator did not create any other enterprise policies, the default enterprise policy is applied.

As enterprise administrator, you determine not only which enterprise policy rules are applied to the array but also how the array administrators can use the enterprise policy. You might decide on a restrictive policy, in which case no firewall policy rules can be configured at the array level. Or you might decide on a liberal policy that allows the array administrators to define any rules.

Specifically, you can configure whether the following types of rules can be created at the array level:

For instructions, see Apply an enterprise policy.

For example, an enterprise policy might only allow access to Hypertext Transfer Protocol (HTTP) addresses and deny communication using all other protocol definitions. An array that uses this enterprise policy can add a rule that limits who can use the HTTP protocol. But the array policy cannot allow communication using other protocols.

How effective array policy works

Effective array policy is the firewall behavior that results from the ordered set of rules that is the combination of the array-level and enterprise-level policy rules. Rules are processed in the following order:

For example, if an enterprise administrator wants to allow File Transfer Protocol (FTP) access across the enterprise without exception, a pre-array enterprise access rule allowing FTP should be created. However, to allow FTP access while giving the array administrators the ability to deny it, a post-array enterprise access rule allowing FTP should be created instead. If an array administrator then creates an array access rule denying FTP, the effective policy will be that FTP is denied. If the array administrator does not create a rule that denies FTP, the effective policy will be that FTP is allowed.

Array-level system policy rules are configured only at the array level. Note that because Microsoft Internet Security and Acceleration (ISA) Server 2006 processes system policy rules first, the array administrator can override even pre-array enterprise policy rules by configuring the system policy.
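The FTP scenarios above can be checked with a first-match model of the rule stages. The following Python code is an added example, not ISA Server code or an ISA Server API: the stage names, the `Rule` class and the functions are hypothetical, rules match on protocol only, and a final default deny is assumed.

```python
from dataclasses import dataclass

# Stage order taken from the text above: system policy is processed first,
# then pre-array enterprise rules, array rules, post-array enterprise rules.
STAGES = ("system", "pre_array_enterprise", "array", "post_array_enterprise")

@dataclass(frozen=True)
class Rule:
    name: str
    stage: str      # one of STAGES
    protocol: str   # e.g. "FTP" or "HTTP"; "*" matches any protocol
    action: str     # "allow" or "deny"

def effective_order(rules):
    """Order rules by stage; the sort is stable, so the order inside a stage
    is kept. An unknown stage name raises ValueError."""
    return sorted(rules, key=lambda r: STAGES.index(r.stage))

def evaluate(rules, protocol):
    """Return (action, rule name) of the first rule that matches protocol."""
    for rule in effective_order(rules):
        if rule.protocol in ("*", protocol):
            return rule.action, rule.name
    return "deny", "default deny (assumed)"

def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule already
    matches the same protocol. Useful when auditing which array rules an
    enterprise pre-array rule has made ineffective."""
    seen, shadowed = set(), []
    for rule in effective_order(rules):
        if "*" in seen or rule.protocol in seen:
            shadowed.append(rule.name)
        seen.add(rule.protocol)
    return shadowed

if __name__ == "__main__":
    # Constructed sample policy: post-array enterprise allow, array-level deny.
    policy = [
        Rule("enterprise: allow FTP", "post_array_enterprise", "FTP", "allow"),
        Rule("array: deny FTP", "array", "FTP", "deny"),
    ]
    print(evaluate(policy, "FTP"))   # the array rule is reached first
    print(shadowed_rules(policy))    # the enterprise allow never fires
```

Moving the enterprise rule to the `pre_array_enterprise` stage reverses the result: the allow is reached first and the array-level deny is reported as shadowed.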



