Procedure 9: Configuring array policy

  • Article

After you add servers to an array, you can create an array policy. The array policy you create will be limited based on the restrictions applied to the array by the enterprise administrator.

In this scenario, the FTP Optional enterprise policy created in Procedure 5: Creating enterprise policies allowed access on HTTP and HTTPS, and enables the array administrator to deny FTP access on the array level. This policy was only applied to the branch array. You will create an access rule for the branch array that denies access on FTP.

Note

You can apply granular control over client HTTP access by using the HTTP filter of ISA Server. For more information about HTTP filtering, see HTTP Filtering in ISA ServerĀ 2004(https://www.microsoft.com/).

Creating the access rule for the branch array

Perform this procedure on any member server of the branch array, such as FW-B1.

To create the access rule for the branch array

  1. In ISA Server Management, expand Arrays, expand Branch, and click Firewall Policy.

  2. In the task pane, on the Tasks tab, select Create Array Access Rule to start the New Access Rule Wizard.

  3. On the Welcome page of the wizard, enter the name for the access rule. Use a descriptive name, such as Deny Access on FTP from Branch, and then click Next.

  4. On the Rule Action page, select Deny, and then click Next.

  5. On the Protocols page, in This rule applies to, select Selected protocols. Click Add to open the Add Protocols dialog box. Expand Web, click FTP, and click Add. Click Close to close the Add Protocols dialog box. On the Protocols page, click Next.

  6. On the Access Rule Sources page, click Add to open the Add Network Entities dialog box, expand Networks, select Internal, click Add, and then click Close. On the Access Rule Sources page, click Next.

  7. On the Access Rule Destinations page, click Add to open the Add Network Entities dialog box, expand Networks, select the External network (representing the Internet), click Add, and then click Close. On the Access Rule Destinations page, click Next.

  8. On the User Sets page, because your rule applies to all users, you can leave the user set All Users in place and then click Next.

  9. Review the information on the wizard summary page, and then click Finish.

  10. In the Firewall Policy details pane, click Apply to apply the new access rule.

Creating a Web publishing rule for the main array

Perform this procedure on any member server of the main array, logged on as an array administrator.

The procedure title

  1. In ISA Server Management, expand Arrays, expand Main, and click Firewall Policy.

  2. In the task pane, on the Tasks tab, select Publish a Web Server. Note that you receive an error message, because the enterprise administrator did not enable you to create Web publishing rules on this array.

[Topic Last Modified: 09/26/2007]