FPCNetworkRule

Internet Security and Acceleration Server 2004/2006 SDK

The FPCNetworkRule object represents a single ISA Server network rule. Network rules define routing or network address translation (NAT) relationships between specific network entities.

A network entity can represent a single IP address or multiple IP addresses. The sets of all the source and destination IP addresses in the network entities to which a network rule applies are specified through FPCSelectionIPs objects. The following table lists the network entities that can be referenced in the source and destination FPCSelectionIPs objects of a network rule and the objects that represent a single instance of each network entity.

| Network Entity | Object |
|---|---|
| Address range | FPCAddressRange |
| Computer | FPCComputer |
| Computer set | FPCComputerSet |
| Network | FPCNetwork |
| Network set | FPCNetworkSet |
| Subnet | FPCSubnet |

A routing relationship indicates that traffic allowed by policy rules is routed through the ISA Server computer without any address translation. Routing relationships are bidirectional. If a routing relationship is defined from network A to network B, a routing relationship also exists from network B to network A.

A NAT relationship indicates that IP addresses from the source network are always translated when passing through the ISA Server computer on the way to the destination network. NAT relationships apply in only one direction. If a NAT relationship is defined from source network A to destination network B, the IP addresses of client computers on network A are replaced with an IP address of the network adapter on the ISA Server computer that is connected to network B before requests are passed to a computer on network B. On the other hand, when a packet from network B is returned to a client computer on network A, the address of the computer on network B is not translated. In other words, clients on network A can see the addresses of computers on network B.

Suppose there is a NAT relationship between source network A and destination network B, and a server on network B is published by a server publishing rule. The rule maps a port number and an IP address (or IP addresses) on the network adapter of the ISA Server computer that listens for requests from clients in network A to a port number and an IP address on the published server. Requests that meet all the conditions specified by the server publishing rule are then redirected to the IP address of the published server. If there is a routing relationship between these networks, the clients must send requests directly to the IP address of the published server.

When an HTTP or FTP request (or response) is handled by the ISA Server Web proxy, address translation is always performed, and the host receiving the request (or response) sees the packets as having come from the ISA Server computer even if the network rule defines a routing relationship between the source and destination IP addresses.

When there is no network rule defining a network relationship between two IP addresses, ISA Server drops all traffic that is sent from one of these IP addresses to the other and is not handled by the Web proxy.

In ISA Server Enterprise Edition, network rules can also be defined on the enterprise level. If an enterprise-level network rule and an array-level network rule define different relationships between the same pair of IP addresses, the array-level network rule takes precedence.
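
The relationship semantics described above (bidirectional routing, one-way NAT, Web proxy translation, dropping when no rule exists, and array-level precedence) can be checked with a small model. This is an added example, not SDK code: the Rule class, the function names, and the sample addresses are hypothetical, CIDR strings stand in for FPCSelectionIPs contents, and the model assumes that disabled rules are ignored and that a new connection against the direction of a NAT rule has no relationship.

```python
import ipaddress
from dataclasses import dataclass

ROUTE, NAT, DROP = "route", "nat", "drop"  # labels for this model, not SDK enum values

@dataclass
class Rule:  # hypothetical stand-in for an FPCNetworkRule
    name: str
    routing_type: str
    sources: tuple        # CIDR strings standing in for SourceSelectionIPs
    destinations: tuple   # CIDR strings standing in for DestinationSelectionIPs
    enabled: bool = True

def _within(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def _applies(rule, src, dst):
    forward = _within(src, rule.sources) and _within(dst, rule.destinations)
    reverse = _within(src, rule.destinations) and _within(dst, rule.sources)
    # Routing relationships are bidirectional; NAT relationships are one-way.
    return forward or (rule.routing_type == ROUTE and reverse)

def relationship(src, dst, array_rules, enterprise_rules=()):
    """Relationship governing a new connection src -> dst, with the rule's name."""
    # Array-level rules are checked first because they take precedence.
    for rule in (*array_rules, *enterprise_rules):
        # Assumption of this model: a disabled rule is ignored.
        if rule.enabled and _applies(rule, src, dst):
            return rule.routing_type, rule.name
    return DROP, None  # no network rule defines a relationship: traffic is dropped

def seen_source(src, dst, isa_adapter_ip, array_rules, enterprise_rules=(), web_proxy=False):
    """Source address the destination host sees, or None if the traffic is dropped."""
    if web_proxy:  # traffic handled by the Web proxy is always translated
        return isa_adapter_ip
    kind, _ = relationship(src, dst, array_rules, enterprise_rules)
    return {ROUTE: src, NAT: isa_adapter_ip}.get(kind)

# Constructed sample rules and addresses (not from any real deployment).
ARRAY = [Rule("Internal-Perimeter", ROUTE, ("10.0.0.0/24",), ("172.16.0.0/24",))]
ENTERPRISE = [Rule("Ent-Internal-Perimeter", NAT, ("10.0.0.0/24",), ("172.16.0.0/24",)),
              Rule("Internal-External", NAT, ("10.0.0.0/24",), ("203.0.113.0/24",))]

if __name__ == "__main__":
    print(relationship("10.0.0.5", "172.16.0.9", ARRAY, ENTERPRISE))
    print(relationship("203.0.113.7", "10.0.0.5", ARRAY, ENTERPRISE))
    print(seen_source("10.0.0.5", "203.0.113.7", "203.0.113.1", ARRAY, ENTERPRISE))
```

When reviewing a real rule set, the cases worth checking are the ones where a routing relationship exposes internal client addresses to the destination network and where the absence of any rule silently drops traffic.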

The FPCNetworkRule object is an element of an FPCNetworkRules collection.

Inheritance

This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting the object's data to and importing it from an XML document.

Methods

The FPCNetworkRule object does not define any methods.

Properties

The FPCNetworkRule object has the following properties.

| Property | Description |
|---|---|
| Description | Gets or sets the description of the rule. |
| DestinationSelectionIPs | Gets an FPCSelectionIPs object that specifies the complete set of destination IP addresses to which the rule applies. |
| Enabled | Gets or sets a Boolean value that indicates whether the rule is enabled. |
| Name | Gets or sets the name of the rule. |
| Order | Gets the position of the rule in the list of network rules corresponding to their order of application. |
| Predefined | Gets a Boolean value that indicates whether the network rule is a preinstalled rule that cannot be deleted and whose position in the list of network rules corresponding to their order of application cannot be changed. |
| RoutingType | Gets or sets a value from the FpcNetworkRoutingTypes enumerated type that specifies the type of relationship between the source and destination network entities to which the rule applies. |
| SourceSelectionIPs | Gets an FPCSelectionIPs object that specifies the complete set of source IP addresses to which the rule applies. |

Methods Inherited from FPCPersist

| Name | Description |
|---|---|
| CancelWaitForChanges | Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only). |
| CanImport | Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document. |
| Export | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML document. |
| ExportToFile | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML file. |
| GetServiceRestartMask | Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect. |
| Import | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML document to persistent storage. |
| ImportFromFile | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML file to persistent storage. |
| LoadDocProperties | Provides the XML document's properties so that you can know what information can be imported from the document. |
| Refresh | Recursively reads the values of all the properties of the object and of its subobjects from persistent storage, overwriting any changes that have not been saved. |
| Save | Recursively writes the current values of all the properties of the object and its subobjects to persistent storage. |
| WaitForChanges | Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only). |

Properties Inherited from FPCPersist

| Name | Description |
|---|---|
| PersistentName | Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy. |
| VendorParametersSets | Gets an FPCVendorParametersSets collection that can hold sets of custom data for extending the object. |

Interfaces for C++ Programming

This object implements the IFPCNetworkRule interface.

Requirements

Client: Requires Windows XP.
Server: Requires Windows Server 2003. Requires Windows Server 2003 or Windows 2000 for ISA Server 2004 Standard Edition.
Version: Requires Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004.
IDL: Declared in Msfpccom.idl.

See Also

COM Objects

© 2014 Microsoft. All rights reserved.