Microsoft Internet Security and Acceleration Server 2000

Creating and Applying Enterprise Policy to an Array

The scenario describes the steps to take to create an enterprise policy and apply it to the enterprise or to an entire corporation. In this example, the enterprise has two branch offices, branch 1 and branch 2, each represented by an array of ISA servers.

For this example, you can assume that the corporation headquarters office policy states that employees in all branch offices are allowed HTTP access to all sites, and that the branch 1 policy allows HTTP access to members of the sales team only.

To create the enterprise policy

Follow these steps to create an enterprise policy. Both Visual Basic and VBScript code are provided

  1. Create a new enterprise policy, called "HQ" (headquarters).

    Visual Basic Code:

    Dim objFPC As New FPCLib.FPC
    'Add new policy to the enterprise policies collection
    Set objPolicy = objFPC.Enterprise.EnterprisePolicies.Add ("HQ")
    'Save Changes to the root object
    objFPC.Save
    

    VBScript Code:

    Set objFPC  = CreateObject ("FPC.Root")
    Set objPolicy = objFPC.EnterprisePolicies.Policies.Add ("HQ")
    objFPC.Save
    
  2. Add a protocol rule that allows HTTP requests to the new "HQ" policy.

    Visual Basic Code:

    Dim objFPC As New FPCLib.FPC
    Dim NewProtocolRule As FPCProtocolRule
    Dim EnterprisePolicy As fpcEnterprisePolicy
    ' get new policy "HQ"
    Set NewEnterprisePolicy = objFPC.Enterprise.EnterprisePolicies.Policies("HQ")
    Set NewProtocolRule = NewEnterprisePolicy.ProtocolRules.Add("Branch 1 Rule")
    NewProtocolRule.Save
    

    VBScript Code:

    Set objFPC  = CreateObject ("FPC.Root")
    Set NewEnterprisePolicy = objFPC.Enterprise.EnterprisePolicies.Policies("HQ")
    Set NewProtocolRule = NewEnterprisePolicy.ProtocolRules.Add("Branch 1 Rule")
    NewProtocolRule.Save
    

To create an array policy for Branch 1 and implement the enterprise policy

These steps will apply the headquarters policy to Branch 1, and create a local policy to allow HTTP access to employees in the sales department only.

  1. Enable the HQ enterprise policy.
  2. Create a protocol rule that denies HTTP access to a client set that includes all users except those from the sales department.

    Visual Basic Code:

    Dim objFPC As New FPCLib.FPC
    Dim NewProtocolRule As FPCProtocolRule
    Dim MyProtocolRefs As FPCRefs
    Dim MyClientSets As FPCRefs
    Set NewProtocolRule = objFPC.Enterprise.EnterprisePolicies.Policies(1).ProtocolRules.Add("HTTP Allow")
    NewProtocolRule.Action = fpcActionDeny
    NewProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    Set MyProtocolRefs = NewProtocolRule.SpecifiedProtocols
    MyProtocolRefs.Add "HTTP", "", fpcEnterpriseScope
    Set MyClientSets = NewProtocolRule.ClientAddressSetsUsed
    MyClientSets.Add "Non Sales Team", "", fpcEnterpriseScope
    objFPC.Save
    

    VBScript Code:

    'Define the enumerated type values
    const fpcActionDeny = 1
    const fpcSpecifiedProtocols = 1
    const fpcEnterpriseScope = 1
    Set objFPC  = CreateObject ("FPC.Root")
    Set NewProtocolRule = objFPC.Enterprise.EnterprisePolicies.Policies(1).ProtocolRules.Add("HTTP Allow")
    NewProtocolRule.Action = fpcActionDeny
    NewProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    Set MyProtocolRefs = NewProtocolRule.SpecifiedProtocols
    MyProtocolRefs.Add "HTTP", "", fpcEnterpriseScope
    Set MyClientSets = NewProtocolRule.ClientAddressSetsUsed
    MyClientSets.Add "Non Sales Team", "", fpcEnterpriseScope
    objFPC.Save
    
[an error occurred while processing this directive]