Microsoft Internet Security and Acceleration Server 2000

Creating and Applying Enterprise Policy to an Array

This scenario describes how to create an enterprise policy and apply it to the enterprise or to an entire corporation. In this example, the enterprise has two branch offices, branch 1 and branch 2, each represented by an array of ISA servers.

For this example, you can assume that the corporation headquarters office policy states that employees in all branch offices are allowed HTTP access to all sites, and that the branch 1 policy allows HTTP access to members of the sales team only.

To create the enterprise policy

Follow these steps to create an enterprise policy. Both Visual Basic and VBScript code are provided.

  1. Create a new enterprise policy, called "HQ" (headquarters).

    Visual Basic Code:

    Dim objFPC As New FPCLib.FPC
    Dim objPolicy As FPCEnterprisePolicy
    'Add the new policy to the enterprise policies collection
    Set objPolicy = objFPC.Enterprise.EnterprisePolicies.Add ("HQ")
    'Save the changes to the root object
    objFPC.Save
    

    VBScript Code:

    Set objFPC  = CreateObject ("FPC.Root")
    Set objPolicy = objFPC.EnterprisePolicies.Policies.Add ("HQ")
    objFPC.Save
    
  2. Add a protocol rule that allows HTTP requests to the new "HQ" policy.

    Visual Basic Code:

    Dim objFPC As New FPCLib.FPC
    Dim NewProtocolRule As FPCProtocolRule
    Dim NewEnterprisePolicy As FPCEnterprisePolicy
    ' Get the new policy "HQ"
    Set NewEnterprisePolicy = objFPC.Enterprise.EnterprisePolicies.Policies("HQ")
    Set NewProtocolRule = NewEnterprisePolicy.ProtocolRules.Add("Branch 1 Rule")
    NewProtocolRule.Save
    

    VBScript Code:

    Set objFPC  = CreateObject ("FPC.Root")
    Set NewEnterprisePolicy = objFPC.Enterprise.EnterprisePolicies.Policies("HQ")
    Set NewProtocolRule = NewEnterprisePolicy.ProtocolRules.Add("Branch 1 Rule")
    NewProtocolRule.Save
    

To create an array policy for Branch 1 and implement the enterprise policy

These steps will apply the headquarters policy to Branch 1, and create a local policy to allow HTTP access to employees in the sales department only.

  1. Enable the HQ enterprise policy.
  2. Create a protocol rule that denies HTTP access to a client set that includes all users except those from the sales department.

    Visual Basic Code:

    Dim objFPC As New FPCLib.FPC
    Dim NewProtocolRule As FPCProtocolRule
    Dim MyProtocolRefs As FPCRefs
    Dim MyClientSets As FPCRefs
    Set NewProtocolRule = objFPC.Enterprise.EnterprisePolicies.Policies(1).ProtocolRules.Add("HTTP Allow")
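    ' Although the rule is named "HTTP Allow", its action is Deny:
    ' it blocks HTTP for the "Non Sales Team" client set added below
    NewProtocolRule.Action = fpcActionDeny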
    NewProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    Set MyProtocolRefs = NewProtocolRule.SpecifiedProtocols
    MyProtocolRefs.Add "HTTP", "", fpcEnterpriseScope
    Set MyClientSets = NewProtocolRule.ClientAddressSetsUsed
    MyClientSets.Add "Non Sales Team", "", fpcEnterpriseScope
    objFPC.Save
    

    VBScript Code:

    'Define the enumerated type values
    const fpcActionDeny = 1
    const fpcSpecifiedProtocols = 1
    const fpcEnterpriseScope = 1
    Set objFPC  = CreateObject ("FPC.Root")
    Set NewProtocolRule = objFPC.Enterprise.EnterprisePolicies.Policies(1).ProtocolRules.Add("HTTP Allow")
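    ' Although the rule is named "HTTP Allow", its action is Deny:
    ' it blocks HTTP for the "Non Sales Team" client set added below
    NewProtocolRule.Action = fpcActionDeny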
    NewProtocolRule.ProtocolSelectionMethod = fpcSpecifiedProtocols
    Set MyProtocolRefs = NewProtocolRule.SpecifiedProtocols
    MyProtocolRefs.Add "HTTP", "", fpcEnterpriseScope
    Set MyClientSets = NewProtocolRule.ClientAddressSetsUsed
    MyClientSets.Add "Non Sales Team", "", fpcEnterpriseScope
    objFPC.Save
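
The Branch 1 rules above restrict HTTP with a deny list, so the outcome depends on the "Non Sales Team" client set covering every non-sales client. The following Python model is an added example, not ISA Server or SDK code. It assumes that a matching deny rule overrides any allow rule and that a request matching no rule is denied; the IP ranges are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ProtocolRule:
    name: str
    action: str                 # "allow" or "deny"
    protocols: frozenset        # empty = all protocols
    client_ranges: tuple = ()   # (first, last) IP pairs; empty = any client

    def matches(self, client_ip, protocol):
        if self.protocols and protocol not in self.protocols:
            return False
        if not self.client_ranges:
            return True
        ip = ipaddress.ip_address(client_ip)
        return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
                   for lo, hi in self.client_ranges)

def effective_action(rules, client_ip, protocol):
    """Assumed model: a matching deny wins, then a matching allow, else deny."""
    hits = [r for r in rules if r.matches(client_ip, protocol)]
    for wanted in ("deny", "allow"):
        for r in hits:
            if r.action == wanted:
                return wanted, r.name
    return "deny", None  # no rule matched: implicit deny

# Constructed addressing for Branch 1 (not from the page)
NON_SALES = (("10.1.0.1", "10.1.0.199"),)   # "Non Sales Team" client set
HQ_RULE = ProtocolRule("Branch 1 Rule", "allow", frozenset({"HTTP"}))
BRANCH1_DENY = ProtocolRule("HTTP Allow", "deny", frozenset({"HTTP"}), NON_SALES)
BRANCH1 = [HQ_RULE, BRANCH1_DENY]

def audit(rules, hosts, protocol="HTTP"):
    """Return {host: (action, rule name)} for a list of client IPs."""
    return {h: effective_action(rules, h, protocol) for h in hosts}

if __name__ == "__main__":
    hosts = ["10.1.0.50",    # engineering, inside the deny set
             "10.1.0.220",   # sales, outside the deny set
             "10.1.1.10"]    # new subnet nobody added to the deny set
    for host, (action, rule) in audit(BRANCH1, hosts).items():
        print(f"{host:<12} {action:<5} via {rule}")
```

The third host shows the gap in a deny-list design: a client missing from "Non Sales Team" falls through to the HQ allow rule and gets HTTP access even though it is not in sales.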