Microsoft Internet Security and Acceleration Server 2000 |
The enterprise administrator can select how the enterprise policy should be applied at the array level:
Note If you set the FPCEnterprise.PolicyUsedFlag property equal to fpcArrayPolicyUsed, you cannot subsequently change it to fpcEnterprisePolicyUsed, nor can you change to configuration from fpcEnterprisePolicyUsed to fpcArrayPolicyUsed. The only changes that are permitted are from fpcEnterprisePolicyUsed to fpcArrayAndEnterprisePoliciesUsed and from fpcArrayAndEnterprisePoliciesUsed to fpcEnterprisePolicyUsed.
The areas where the relationship between enterprise and array should be taken into consideration are:
When you create a protocol rule for an array, you can only use a protocol that is defined in the enterprise. If you use any other protocol, you will receive an error message when you run the protocol rule-adding script, and the rule will not be added.
The COM object you use to create a protocol rule is FPCProtocolRule.
Packet filtering cannot be enabled at the enterprise level. However, the enterprise administrator determines whether packet filtering is forced at the array level. Alternatively, the enterprise administrator can allow the array administrator to decide if packet filtering should be made available.
If the enterprise administrator forces packet filtering through the FPCEnterprise.ForcePacketFiltering property, an array administrator will not be able to disable packet filtering through the FPCIpPacketFilter.Enabled property.
The COM object you use to create a packet filter is FPCIpPacketFilter.
Because array policy can only be more restrictive than enterprise policy, you can only add array site and content rules that deny access to what is already allowed by the enterprise, or rules that redirect requests. The COM object you use to create a site and content rule is FPCSiteAndContentRule. You create a Deny rule by setting the FPCSiteAndContentRule.Action property equal to fpcRuleActionDeny. You create redirect rules by setting the FPCSiteAndContentRule.Action property to fpcRuleActionRedirect. If you try to create an allow (fpcRuleActionPermit) site and content rule, you will receive an error message, and the rule will not be created.
Publishing rules cannot be created at the enterprise level. However, the enterprise administrator can specify, using the FPCEnterprise.AllowPublishing property, whether an array is allowed to publish servers. If the array is allowed to publish, the array administrator can create Web publishing rules (FPCWebPublishingRule object) or server publishing rules (FPCServerPublishingRule object). If the enterprise policy does not allow publishing, then an attempt to add a Web or server publishing rule will return an error message.