The following VBScript script combines all of the steps described in Configuring the ISA Server policy for the organization.
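Sub FirewallPolicy()
    ' Builds the example ISA Server 2000 array policy described on this page:
    ' enterprise policy set to "use array policy", a dial-up entry, one routing
    ' rule, firewall chaining with auto-dial, three client address sets, an
    ' "After Hours" schedule, a bandwidth priority, three protocol rules, one
    ' destination set with a site-and-content rule, and one bandwidth rule.
    '
    ' Every .Save call below commits that object to the ISA configuration at
    ' once. There is no error handling and no enclosing transaction, so a
    ' failure part-way through leaves the policy partially applied; run the
    ' script with ISA administrative rights against a test array first.

    ' Enum constants used by the script (values as given on this page).
    Const fpcArrayPolicyUsed = 0
    Const fpcAllDestinations = 0
    Const fpcPrimaryRouteDirect = 0
    Const fpcServeFromCacheIfValidObjectExists = 0
    Const fpcPrimaryConnection = 0
    Const fpcActionAllow = 0
    Const fpcAppliesToClientSets = 2
    Const fpcSpecifiedProtocols = 1
    Const fpcArrayScope = 0
    Const fpcAppliesToAll = 0
    Const fpcSpecifiedDestinationSet = 3
    Const fpcRuleActionPermit = 0
    Const fpcAppliesToAllContent = 0

    ' GUID of the Streaming Media Filter; the Windows Media protocol is
    ' identified by this GUID in the protocol rule and the bandwidth rule.
    Const strWindowsMediaFilterGuid = "{473ED0E1-6371-4ED2-9F95-A676B66659A2}"

    Dim objFPC, objMyArray, objDialUpEntry, objCredentials
    Dim objRoutingRules, objRoutingRule, objFirewallChaining
    Dim MyClientSets, MyClientSet, MySchedules, objNewSchedule
    Dim BandwidthPriorities, objNewBandwidthPriority
    Dim ProtocolRules, ProtocolRule
    Dim MyFPCDestinationSets, MyFPCDestinationSet, MyFPCDestination
    Dim MySiteAndContentRules, NewSiteAndContentRule
    Dim BandwidthRules, BandwidthRule

    ' --- Enterprise policy: use the array policy ---------------------------
    Set objFPC = CreateObject("FPC.root")
    objFPC.Enterprise.SetPolicy fpcArrayPolicyUsed
    objFPC.Enterprise.Save

    ' --- Dial-up entry "Dial to My ISP", made the active entry -------------
    Set objMyArray = objFPC.Arrays.GetContainingArray
    Set objDialUpEntry = objMyArray.PolicyElements.DialupEntries.Add("Dial to My ISP", "Dialup Network Connection")
    ' "User Name" / "Password" are placeholders. Do not put the real ISP
    ' credentials in this script file: anyone who can read the file gets
    ' them. Supply the values at run time (a prompt or a protected
    ' configuration source) and keep the script out of shared locations.
    Set objCredentials = objDialUpEntry.Credentials
    objCredentials.UserName = "User Name"
    objCredentials.Password = "Password"
    objFPC.Arrays.GetContainingArray.PolicyElements.DialupEntries.ActiveEntry = "Dial to My ISP"
    objMyArray.Save

    ' --- Routing rule: all destinations, direct primary route --------------
    Set objRoutingRules = objMyArray.NetworkConfiguration.RoutingRules
    Set objRoutingRule = objRoutingRules.Add("New Rule")
    objRoutingRule.SetDestination fpcAllDestinations
    objRoutingRule.PrimaryRoute.RouteType = fpcPrimaryRouteDirect
    objRoutingRule.UseCacheCondition = fpcServeFromCacheIfValidObjectExists
    objRoutingRule.Save

    ' --- Firewall chaining: primary connection with automatic dial-out -----
    Set objFirewallChaining = objMyArray.NetworkConfiguration.FirewallChaining
    objFirewallChaining.ForwardType = fpcPrimaryConnection
    objFirewallChaining.ChainingAutoDialOut.EnableAutoDial = True
    objFirewallChaining.Save

    ' --- Client address sets, one per department ---------------------------
    ' The 111.111.111.x ranges are example values. The sets are matched by
    ' client address, so the rules below only separate the departments if
    ' these ranges really correspond to each department's hosts.
    ' The range object returned by MyClientSet.Add is not needed, so the
    ' return value is discarded rather than reassigned to MyClientSet.
    Set MyClientSets = objFPC.Arrays.GetContainingArray.PolicyElements.ClientAddressSets
    Set MyClientSet = MyClientSets.Add("Sales")
    MyClientSet.Add "111.111.111.111", "111.111.111.115"
    Set MyClientSet = MyClientSets.Add("Research and Development")
    MyClientSet.Add "111.111.111.121", "111.111.111.125"
    Set MyClientSet = MyClientSets.Add("HR")
    MyClientSet.Add "111.111.111.131", "111.111.111.135"
    MyClientSets.Save

    ' --- Schedule "After Hours" --------------------------------------------
    Set MySchedules = objFPC.Arrays.GetContainingArray.PolicyElements.Schedules
    Set objNewSchedule = MySchedules.Add("After Hours")
    ' NOTE(review): fpcALL_WEEK, fpcPM_5 and fpcAM_6 are not declared in this
    ' script, unlike the other enum constants above. Without Option Explicit,
    ' VBScript treats undeclared names as Empty, so this call presumably
    ' receives Empty for the days and 0 for the hours instead of "all week,
    ' after normal work hours". Declare the three constants from the FPC SDK
    ' before relying on this schedule, and confirm that subtracting two hour
    ' values is the intended way to express the hour range.
    objNewSchedule.Set fpcALL_WEEK, fpcPM_5 - fpcAM_6
    MySchedules.Save

    ' --- Bandwidth priority "Windows Media Bandwidth" ----------------------
    Set BandwidthPriorities = objFPC.Arrays.GetContainingArray.PolicyElements.BandwidthPriorities
    Set objNewBandwidthPriority = BandwidthPriorities.Add("Windows Media Bandwidth", 10, 10)
    BandwidthPriorities.Save

    ' --- Protocol rules ----------------------------------------------------
    Set ProtocolRules = objMyArray.ArrayPolicy.ProtocolRules

    ' Rule 1: allow HTTP at all times for Sales and Research and Development.
    Set ProtocolRule = ProtocolRules.Add("HTTP Rule 1")
    ProtocolRule.Action = fpcActionAllow
    ProtocolRule.AppliesToMethod = fpcAppliesToClientSets
    ProtocolRule.Enabled = True
    ProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    ProtocolRule.SpecifiedProtocols.Add "HTTP"
    ProtocolRule.SetAppliesAlways
    Set MyClientSets = ProtocolRule.ClientAddressSetsUsed
    MyClientSets.Add "Sales", "", fpcArrayScope
    MyClientSets.Add "Research and Development", "", fpcArrayScope
    ProtocolRule.Save

    ' Rule 2: allow HTTP for HR, but only during the "After Hours" schedule.
    Set ProtocolRule = ProtocolRules.Add("HTTP Rule 2")
    ProtocolRule.Action = fpcActionAllow
    ProtocolRule.AppliesToMethod = fpcAppliesToClientSets
    ProtocolRule.Enabled = True
    ProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    ProtocolRule.SpecifiedProtocols.Add "HTTP"
    ProtocolRule.SetSchedule "After Hours"
    Set MyClientSets = ProtocolRule.ClientAddressSetsUsed
    MyClientSets.Add "HR", "", fpcArrayScope
    ProtocolRule.Save

    ' Rule 3: allow Windows Media (MMS) for all clients during "After Hours".
    Set ProtocolRule = ProtocolRules.Add("Windows Media Rule")
    ProtocolRule.Action = fpcActionAllow
    ProtocolRule.AppliesToMethod = fpcAppliesToAll
    ProtocolRule.Enabled = True
    ProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    ProtocolRule.SpecifiedProtocols.Add "MMS - Windows Media", strWindowsMediaFilterGuid, fpcArrayScope
    ProtocolRule.SetSchedule "After Hours"
    ProtocolRule.Save

    ' --- Destination set "Approved Sites" ----------------------------------
    ' Add is called unconditionally: there is no check for an existing set of
    ' the same name, so re-running the script is not expected to be safe.
    ' The set holds a single site, so the rule that uses it is very
    ' restrictive for the departments it applies to.
    Set MyFPCDestinationSets = objFPC.Arrays.GetContainingArray.PolicyElements.DestinationSets
    Set MyFPCDestinationSet = MyFPCDestinationSets.Add("Approved Sites")
    Set MyFPCDestination = MyFPCDestinationSet.Add("www.sports.microsoft.com")
    ' A single Save is enough; the original called it twice in a row.
    MyFPCDestinationSets.Save

    ' --- Site and content rule ---------------------------------------------
    ' Permits Sales and Research and Development to reach the "Approved
    ' Sites" set at all times. Whether other destinations are blocked for
    ' them depends on the rest of the array's rules, not on this rule alone.
    Set MySiteAndContentRules = objFPC.Arrays.GetContainingArray.ArrayPolicy.SiteAndContentRules
    Set NewSiteAndContentRule = MySiteAndContentRules.Add("Site Restriction Rule")
    NewSiteAndContentRule.Description = "Allow only corporate-approved sites"
    NewSiteAndContentRule.SetDestination fpcSpecifiedDestinationSet, "Approved Sites"
    NewSiteAndContentRule.SetAppliesAlways
    NewSiteAndContentRule.Action = fpcRuleActionPermit
    NewSiteAndContentRule.AppliesToMethod = fpcAppliesToClientSets
    Set MyClientSets = NewSiteAndContentRule.ClientAddressSetsUsed
    MyClientSets.Add "Sales", "", fpcArrayScope
    MyClientSets.Add "Research and Development", "", fpcArrayScope
    MySiteAndContentRules.Save

    ' --- Bandwidth rule: Windows Media after hours, all clients and content -
    Set BandwidthRules = objMyArray.BandwidthRules
    Set BandwidthRule = BandwidthRules.Add("Bandwidth Rule 1")
    BandwidthRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    BandwidthRule.SpecifiedProtocols.Add "MMS - Windows Media", strWindowsMediaFilterGuid, fpcArrayScope
    BandwidthRule.SetSchedule "After Hours"
    BandwidthRule.SetDestination fpcAllDestinations
    BandwidthRule.AppliesToMethod = fpcAppliesToAll
    BandwidthRule.AppliesToContentMethod = fpcAppliesToAllContent
    BandwidthRule.SetBandwidthPriority False, "Windows Media Bandwidth"
    BandwidthRule.Save
End Sub

FirewallPolicy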