|Microsoft Internet Security and Acceleration Server 2000|
You must install filters on the ISA Server computer, where they must reside locally. Filters must be registered as COM servers and in the ISA configuration.
Filters that register a protocol need to have the protocol registered on the enterprise level. This is particularly important in a situation where only enterprise policy is used. Developers of application filters should therefore provide two installation facilities, one for installing a filter in the array, and one for registering the filter at the enterprise level.
The registration process includes the following steps:
Note When an ISA administrator installs a filter on ISA servers, there may be functions that should be performed during the first installation of the filter on a server, such as IFWXFilterAdmin::RegisterProtocolForFilter. More importantly, during uninstallation there may be functions that should only be performed by the last uninstallation, such as IFWXFilterAdmin::UnregisterProtocolForFilter. In that case, the protocol might be unregistered while filters on some servers still require that the protocols be registered. For this reason, when you develop a filter, you should consider using a mechanism to synchronize filter installation in an array.
One solution is to use the VendorParametersSets collection (accessed through the FPCServer.VendorParametersSets property) to write to the server storage a value under the vendor name and filter GUID. The server storage will thus have a record that the filter is installed, and your filter can use that information to keep track of its relative order in the installation or uninstallation process.
Provided here are examples of the commands used to perform application filter setup on the array and enterprise level.
To set up the application filter on an array
As an alternative to steps 2 and 3, you can run:
regsvr32 /i:array mydll.dll
To set up the application filter on an enterprise
Note There is no need to install the DLL on the computer.
To uninstall an application filter from an array
As an alternative to these two steps you can run:
regsvr32 /u /i:array mydll.dll
To uninstall an application filter from an enterprise
Note Because the filter objects are created when the Firewall service starts, the server must be stopped and then restarted after setup is completed.
The RegSvr32 utility is not a required part of the setup. A setup utility can use RegSvr32, or load the DLL and call the registration code directly.
Services may not have the necessary permissions to allow them to write vendor-specific information to the DS. For this reason, you should perform the saving of vendor parameters to ISA during filter setup.