Using Protocol Groups
Access rules can be configured to apply to all IP traffic, only to certain protocols, or to all IP traffic except certain protocols. If you want several access rules to apply to the same set of protocols, you can maintain a protocol group as a list of protocols (names of FPCProtocolDefinition objects) in a text file. You then configure each rule to apply to the protocol group by setting the rule’s ProtocolSelectionMethod property to fpcSpecifiedProtocols, reading the names of the protocols from the file, and adding them to the collection of specified protocols to which the rule applies.
The Microsoft Visual Basic Scripting Edition (VBScript) code in AddProtocolsToRule.vbs (listed later in this Web page) configures the specified access rule to apply to the group of protocols listed in a text file specified by the user. This script must be run on an ISA Server computer with the Microsoft Firewall service installed, but it can be modified to run on a remote management computer.
Usage: CScript AddProtocolsToRule.vbs FileName RuleName
FileName specifies the name of the text file containing the protocol group.
RuleName specifies the name of the access rule to which the protocols will apply.
To configure an access rule to apply to a protocol group stored in a text file
1. Retrieve the name of the text file containing the protocol group and the name of the access rule that is to apply to the protocols listed in the file from the command-line arguments.
2. Create an instance of the FPC COM object, which is known as the root object and provides access to the other ISA Server administration COM objects.
3. Declare an FPCArray object, an FPCPolicyRules collection, an FPCPolicyRule object, an FPCProtocolDefinitions collection, an FPCRefs collection, a FileSystem object, and a TextStream object.
4. Get references to the array object, the policy rules collection, and the protocol definitions collection.
5. Try to retrieve the specified rule from the policy rules collection.
6. Verify that the specified rule is an access rule by checking that its Type property is set to fpcPolicyRuleAccess.
7. Set the rule’s ProtocolSelectionMethod property to fpcSpecifiedProtocols, if this property is not set to this value.
8. Retrieve the FPCRefs collection for storing references to the specified protocols from the SpecifiedProtocols property of the access rule and remove any references found in it.
9. Create an instance of the FileSystem object, and get a reference to the TextStream object for reading the text file containing the protocol group.
10. In a Do While loop, read each line of the text file into a string and then call the Add method of the FPCRefs collection retrieved from the SpecifiedProtocols property of the access rule to add a reference to the FPCProtocolDefinition object specified by the string to the collection.
11. Call the Save method on the access rule to write the changes to persistent storage.
Script Listing: AddProtocolsToRule.vbs
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script configures the specified access rule to apply to the group of
' protocols listed in a text file specified by the user.
' This script has minimal error checking.
' Note that the text file must contain a list of protocols with the name of
' each protocol on a separate line.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

' Define the constants needed.
Const Error_FileNotFound = &H80070002
Const fpcPolicyRuleAccess = 0
Const fpcSpecifiedProtocols = 1
Const ForReading = 1
Const fpcInclude = 0

Main(WScript.Arguments)

Sub Main(args)
    If(2 <> args.Count) Then
        Usage()
    End If
    AddProtocolsToRule args(0), args(1)
End Sub

Sub AddProtocolsToRule(fileName, ruleName)
    ' Create the root object.
    Dim root                ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    ' Declare the other objects needed.
    Dim isaArray            ' An FPCArray object
    Dim rules               ' An FPCPolicyRules collection
    Dim rule                ' An FPCPolicyRule object
    Dim protocols           ' An FPCProtocolDefinitions collection
    Dim specifiedProtocols  ' An FPCRefs collection
    Dim fso                 ' A FileSystem object
    Dim fileStream          ' A TextStream object
    Dim textRead            ' A String

    ' Get references to the array object, the policy rules collection,
    ' and the protocol definitions collection.
    Set isaArray = root.GetContainingArray()
    Set rules = isaArray.ArrayPolicy.PolicyRules
    Set protocols = isaArray.RuleElements.ProtocolDefinitions

    ' Retrieve the specified policy rule.
    On Error Resume Next
    Set rule = rules(ruleName)
    If Err.Number = Error_FileNotFound Then
        WScript.Echo "The access rule " & ruleName & " could not be found."
        WScript.Quit
    End If
    Err.Clear
    On Error GoTo 0

    ' Verify that the specified rule is an access rule.
    If rule.Type <> fpcPolicyRuleAccess Then
        WScript.Echo "The " & ruleName & " policy rule is not an access rule."
        WScript.Quit
    End If

    WScript.Echo "Configuring the rule to apply to a group of protocols ..."
    rule.AccessProperties.ProtocolSelectionMethod = fpcSpecifiedProtocols

    ' Retrieve the collection for storing references to the specified protocols
    ' and remove any references found in it.
    Set specifiedProtocols = rule.AccessProperties.SpecifiedProtocols
    If specifiedProtocols.Count > 0 Then
        specifiedProtocols.RemoveAll
    End If

    ' Read the protocol group file one line at a time.
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fileStream = fso.OpenTextFile(fileName, ForReading)
    Do While fileStream.AtEndOfStream <> True
        textRead = fileStream.ReadLine
        If textRead <> "" Then
            On Error Resume Next
            ' Clear any error left over from the previous line so that it
            ' is not mistaken for the result of this lookup.
            Err.Clear
            protocols.Item textRead
            If Err.Number = Error_FileNotFound Then
                WScript.Echo "The " & textRead & " protocol is not" & _
                    " defined in ISA Server."
                Err.Clear
            Else
                specifiedProtocols.Add textRead, fpcInclude
            End If
        End If
    Loop
    On Error GoTo 0
    fileStream.Close

    ' Save the changes to the access rule.
    rule.Save
    WScript.Echo "Done!"
End Sub

Sub Usage()
    WScript.Echo "Usage:" & VbCrLf _
        & " " & WScript.ScriptName & " FileName RuleName" & VbCrLf _
        & "" & VbCrLf _
        & " FileName - Text file containing the list of protocols" & VbCrLf _
        & " RuleName - Access rule to which the protocols are to apply"
    WScript.Quit
End Sub
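
The listing above empties the rule's SpecifiedProtocols collection before it reads the file and skips any name it cannot resolve, so a misspelled line leaves the saved rule covering fewer protocols than the group file lists. The following dry-run check is an added example, not part of the Microsoft listing: it performs the same lookup against the protocol definitions collection without touching any rule. The script name CheckProtocolGroup.vbs and the function CheckProtocolGroup are hypothetical.

```vbscript
' Added example, not part of the original listing: CheckProtocolGroup.vbs
' (hypothetical name). Dry run that reads the group file and changes no rule.
Option Explicit

Const ForReading = 1

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: CScript CheckProtocolGroup.vbs FileName"
    WScript.Quit 2
End If
WScript.Quit CheckProtocolGroup(WScript.Arguments(0))

' Returns the number of lines that would not be added cleanly to a rule.
Function CheckProtocolGroup(fileName)
    Dim root, isaArray, protocols, fso, fileStream
    Dim seen, protocolName, lineNo, problems, lookupError

    Set root = CreateObject("FPC.Root")
    Set isaArray = root.GetContainingArray()
    Set protocols = isaArray.RuleElements.ProtocolDefinitions
    Set seen = CreateObject("Scripting.Dictionary")
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fileStream = fso.OpenTextFile(fileName, ForReading)

    lineNo = 0
    problems = 0
    Do While Not fileStream.AtEndOfStream
        lineNo = lineNo + 1
        ' No trimming: the name is looked up exactly as the listing does.
        protocolName = fileStream.ReadLine
        If protocolName <> "" Then
            On Error Resume Next
            Err.Clear
            protocols.Item protocolName
            lookupError = Err.Number   ' capture before On Error GoTo 0 resets Err
            On Error GoTo 0
            If lookupError <> 0 Then
                WScript.Echo "Line " & lineNo & ": cannot resolve """ & _
                    protocolName & """ (error 0x" & Hex(lookupError) & ")"
                problems = problems + 1
            ElseIf seen.Exists(protocolName) Then
                WScript.Echo "Line " & lineNo & ": repeated name " & protocolName
                problems = problems + 1
            Else
                seen.Add protocolName, lineNo
            End If
        End If
    Loop
    fileStream.Close
    WScript.Echo problems & " problem line(s) in " & fileName
    CheckProtocolGroup = problems
End Function
```

Run it before AddProtocolsToRule.vbs and apply the group to a rule only when the check exits with code 0.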