
FPCPolicyRule

Internet Security and Acceleration Server 2004/2006 SDK

The FPCPolicyRule object represents an access rule, a server publishing rule, a Web publishing rule, or a system policy rule.

An access rule defines the action that will be taken when specific users attempt to access specific sites or content by using ISA Server. ISA Server access rules allow you to define exactly which sites and content can be accessed by clients behind the ISA Server computer and which protocols can be used by the clients to gain access. You can specify when an access rule is in effect by applying a schedule to it.

Server publishing processes incoming requests to internal servers, such as Simple Mail Transfer Protocol (SMTP) servers, File Transfer Protocol (FTP) servers, Structured Query Language (SQL) servers, and others. Requests are forwarded downstream to an internal server, located behind the ISA Server computer. Server publishing rules determine how server publishing functions, essentially filtering all incoming and outgoing requests through the ISA Server computer.

Server publishing rules can be used when there is a network address translation (NAT) relationship defined by a network rule (FPCNetworkRule) between the network on which the clients sending requests to the published server are located (the source network) and the network on which the published server is located (the destination network). A server publishing rule uses secure network address translation (SecureNAT), which allows requests that are sent to an IP address that is valid on the source network to reach an IP address on a protected network behind the ISA Server computer. The server publishing rule maps a port number and an IP address (or IP addresses) on the network adapter of the ISA Server computer that listens for requests from the clients to a port number and an IP address on the published server. Requests that are sent to the IP address of the ISA Server computer and meet the conditions specified by the rule are then redirected to the IP address of the published server. However, only requests that are identified as part of the designated protocol are processed by the server publishing rule and redirected to the published server. Note that the published server must be configured to use the ISA Server computer as its default gateway.

If the network rule between the client network and the network where the server is located defines a routing relationship, server publishing rules can be used, but the clients must send requests directly to the IP address of the published server. With a routing relationship, an access rule can also allow the clients to send requests directly to the IP address of a server located on a network behind the ISA Server computer.

The definitions of the protocol (or protocols) associated with a server publishing rule or an access rule specify the application filters that are invoked for deeper inspection when the rule allows traffic. In general, application filters can process traffic allowed by a server publishing rule or an access rule, but some application filters process traffic allowed by these types of rules differently. Note that server publishing rules must use protocols defined with inbound primary connections, while access rules usually use protocols defined with outbound primary connections.

A Web publishing rule maps public DNS names and IP addresses to the name or IP address of a Web server located behind the ISA Server computer and maps external paths that can be used by users in incoming requests to internal paths of directories on the published Web server. A Web publishing rule also determines how ISA Server should handle incoming requests for HTTP objects on the internal Web server and how ISA Server should respond on behalf of the internal Web server. Requests are forwarded downstream to the internal Web server. If possible, the requests are serviced from the ISA Server cache.

A Web publishing rule defines the response to attempts by outside users to access an internal site. Possible responses include:

  • Denying the request.
  • Delegating the request to a different internal server.

A system policy rule is a predefined rule that allows specific types of requests from the Local Host network (the ISA Server computer) to reach specified destinations, or allows specific types of requests from specified sources to reach the Local Host network. For more information about system policy rules, see System Policy Rules.

In ISA Server Enterprise Edition, the FPCPolicyRule object provides a method for setting a schedule with a specific scope and name as the schedule used for the rule. The scope indicates whether the schedule is defined for the array or for the enterprise.

In an enterprise policy (an FPCPolicy object), the FPCPolicyRule object can represent only an access rule or a placeholder that specifies the ordinal position (Order) of the set of array policy rules within the set of enterprise policy rules when the enterprise policy is applied to an array. Server publishing rules and Web publishing rules cannot be created on the enterprise level. For more information about enterprise policies, see Enterprise Policies.

In an array policy (an FPCArrayPolicy object), the following restrictions apply in Enterprise Edition:

  • Access rules that allow traffic may not be created if the enterprise administrator sets the EnableAllowRules property of the FPCPolicyAssignment object for the array to False.
  • Access rules that deny traffic may not be created if the enterprise administrator sets the EnableDenyRules property of the FPCPolicyAssignment object for the array to False.
  • Server publishing rules and Web publishing rules may not be created in the array policy if the enterprise administrator sets the EnablePublishingRules property of the FPCPolicyAssignment object for the array to False.

The FPCPolicyRule object is an element of an FPCPolicyRules collection. A new FPCPolicyRule object representing an access rule can be created by calling the AddAccessRule method of this collection, a new object representing a server publishing rule can be created by calling the AddServerPublishingRule or AddServerPublishingRuleWithScopedProtocol method, and a new object representing a Web publishing rule can be created by calling the AddWebPublishingRule method.
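The following script is an added example, not sample code from this SDK page: it creates a deny access rule through AddAccessRule, turns on logging so that denied attempts are recorded, binds the rule to a schedule, and saves it. It assumes it runs on the ISA Server computer with an existing schedule named "Work hours"; the enumeration values, the FPCAccessProperties members used, and the SetSchedule parameter are assumptions about the wider SDK rather than items on this page.

```vbscript
' Added example: create a logged deny access rule bound to a schedule.
' Assumes a local ISA Server computer and an existing schedule "Work hours";
' "Internal", "External", "FTP" and "All Users" are built-in object names.
Option Explicit

' Enumeration values assumed from the ISA Server type library:
Const fpcPolicyRuleActionDeny = 1   ' FpcPolicyRuleActions
Const fpcSpecifiedProtocols   = 1   ' FpcProtocolSelectionType
Const fpcInclude              = 0   ' FpcIncludeStatus

Dim root, isaArray, rules, rule

Set root = CreateObject("FPC.Root")
Set isaArray = root.GetContainingArray()
Set rules = isaArray.ArrayPolicy.PolicyRules     ' FPCPolicyRules collection

' AddAccessRule returns a new FPCPolicyRule whose Type is an access rule.
Set rule = rules.AddAccessRule("Block FTP during work hours")
rule.Description = "Deny FTP from Internal to External; logged for review."
rule.Action = fpcPolicyRuleActionDeny
rule.EnableLogging = True   ' denied requests are written to the firewall log

' The AccessProperties members below (ProtocolSelectionMethod, SpecifiedProtocols,
' DestinationSelectionIPs, UserSets) are assumed from the wider SDK; only
' AccessProperties itself and SourceSelectionIPs appear on this page.
With rule.AccessProperties
    .ProtocolSelectionMethod = fpcSpecifiedProtocols
    .SpecifiedProtocols.Add "FTP", fpcInclude
    .DestinationSelectionIPs.Networks.Add "External", fpcInclude
    .UserSets.Add "All Users", fpcInclude
End With
rule.SourceSelectionIPs.Networks.Add "Internal", fpcInclude

' Restrict the rule to the named schedule (SetSchedule is assumed to take the
' schedule name); calling SetAppliesAlways instead would make it apply at all times.
rule.SetSchedule "Work hours"

' FPCPersist.Save writes the rule to persistent storage; until then it is not in effect.
rule.Save

WScript.Echo "Created rule '" & rule.Name & "' at Order " & rule.Order & _
             ", AppliesAlways = " & rule.AppliesAlways
```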


Inheritance

This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting the object's data to and importing it from an XML document.

Methods

The FPCPolicyRule object defines the following methods.

  • SetAppliesAlways: Sets the rule to apply at all times regardless of the ScheduleUsed property.
  • SetLimitSourcePortRange: Sets the lower and upper limits of the range of source port numbers to which the rule applies.
  • SetSchedule: Sets the schedule for the rule.
  • SetScopedSchedule: Sets the scope and name of the schedule to be used by the rule (available only in Enterprise Edition).

Properties

The FPCPolicyRule object has the following properties.

  • AccessProperties: Gets an FPCAccessProperties object that specifies a set of properties of the policy rule when the rule is configured as an access rule.
  • Action: Gets or sets a value from the FpcPolicyRuleActions enumerated type that specifies whether the rule allows or denies requests.
  • AppliesAlways: Gets a Boolean value that indicates whether the rule applies at all times.
  • Description: Gets or sets the description of the rule.
  • Enabled: Gets or sets a Boolean value that indicates whether the rule is enabled.
  • EnableLogging: Gets or sets a Boolean value that indicates whether the rule is enabled for logging.
  • IsDefault: Gets a Boolean value that indicates whether the rule is preinstalled and therefore cannot be deleted or have its position changed in the rule order.
  • LimitSourcePortHigh: Gets the upper limit of the range of source port numbers to which the rule applies.
  • LimitSourcePortLow: Gets the lower limit of the range of source port numbers to which the rule applies.
  • Name: Gets or sets the name of the rule.
  • Order: Gets the rule's position in the list of policy rules, which corresponds to the order in which the rules are applied.
  • ScheduleUsed: Gets an FPCRef object that references the FPCSchedule object used to define the actual times when the rule applies.
  • ServerPublishingProperties: Gets an FPCServerPublishingProperties object that specifies a set of properties of the policy rule when the rule is configured as a server publishing rule.
  • SourceSelectionIPs: Gets an FPCSelectionIPs object that specifies the complete set of source IP addresses to which the rule applies.
  • System: Gets a Boolean value that indicates whether the rule is a system policy rule.
  • SystemPolicyGroupId: Gets a value from the FpcSystemPolicyConfigGroupEnum enumerated type that identifies the system policy configuration group to which the rule belongs.
  • Type: Gets a value from the FpcPolicyRuleTypes enumerated type that indicates whether the policy rule is an access rule, a server publishing rule, or a Web publishing rule.
  • VendorSystemPolicyRule: Gets a Boolean value that indicates whether the rule is a system policy rule that was added by a vendor or a third-party filter. (This property is introduced in ISA Server 2006.)
  • WebPublishingProperties: Gets an FPCWebPublishingProperties object that specifies a set of properties of the policy rule when the rule is configured as a Web publishing rule.
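As an added example (not code from this SDK page), the script below reads the properties listed above to audit an array policy: it walks the rules in their Order of application and flags enabled allow rules that are not logged, rules that apply only on a schedule, and predefined system rules. It assumes it runs on the ISA Server computer; the FpcPolicyRuleActions value for "allow" and the Name member of FPCRef are assumptions about the wider SDK.

```vbscript
' Added example: audit the array policy rules through the FPCPolicyRule properties.
' Assumes a local ISA Server computer; fpcPolicyRuleActionAllow is assumed from the
' ISA Server type library (FpcPolicyRuleActions).
Option Explicit

Const fpcPolicyRuleActionAllow = 0

Dim root, rule, flags, unlogged

Set root = CreateObject("FPC.Root")
unlogged = 0

' The collection is enumerated in rule Order, which is the order of application,
' so the listing reads top to bottom exactly as ISA Server evaluates the policy.
For Each rule In root.GetContainingArray().ArrayPolicy.PolicyRules
    flags = ""

    If rule.Enabled And rule.Action = fpcPolicyRuleActionAllow Then
        ' An enabled allow rule with logging off admits traffic that leaves no log record.
        If Not rule.EnableLogging Then
            flags = flags & " [allow without logging]"
            unlogged = unlogged + 1
        End If
        ' A scheduled allow rule is only part-time; record which FPCSchedule it references
        ' (FPCRef.Name is assumed to give the referenced schedule's name).
        If Not rule.AppliesAlways Then
            flags = flags & " [scheduled: " & rule.ScheduleUsed.Name & "]"
        End If
    End If

    ' Source port restrictions narrow the rule; show them when set.
    If rule.LimitSourcePortLow > 0 Or rule.LimitSourcePortHigh > 0 Then
        flags = flags & " [source ports " & rule.LimitSourcePortLow & "-" & rule.LimitSourcePortHigh & "]"
    End If

    ' System policy rules are predefined; IsDefault ones cannot be deleted or reordered.
    If rule.System Then flags = flags & " [system policy]"
    If rule.IsDefault Then flags = flags & " [default, fixed position]"
    If Not rule.Enabled Then flags = flags & " [disabled]"

    ' Type is printed as its numeric FpcPolicyRuleTypes value.
    WScript.Echo rule.Order & vbTab & "type " & rule.Type & vbTab & rule.Name & flags
Next

WScript.Echo "Enabled allow rules without logging: " & unlogged
```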

Methods Inherited from FPCPersist

  • CancelWaitForChanges: Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only).
  • CanImport: Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document.
  • Export: Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML document.
  • ExportToFile: Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML file.
  • GetServiceRestartMask: Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect.
  • Import: Recursively copies the values of all the properties of the object and of its subobjects from the specified XML document to persistent storage.
  • ImportFromFile: Recursively copies the values of all the properties of the object and of its subobjects from the specified XML file to persistent storage.
  • LoadDocProperties: Provides the XML document's properties so that you can know what information can be imported from the document.
  • Refresh: Recursively reads the values of all the properties of the object and of its subobjects from persistent storage, overwriting any changes that have not been saved.
  • Save: Recursively writes the current values of all the properties of the object and its subobjects to persistent storage.
  • WaitForChanges: Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only).

Properties Inherited from FPCPersist

  • PersistentName: Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy.
  • VendorParametersSets: Gets an FPCVendorParametersSets collection that can hold sets of custom data for extending the object.

Interfaces for C++ Programming

This object implements the IFPCPolicyRule, IFPCEEPolicyRule, and IFPCPolicyRule2 interfaces.

Requirements

  • Client: Requires Windows XP.
  • Server: Requires Windows Server 2003. Requires Windows Server 2003 or Windows 2000 for ISA Server 2004 Standard Edition.
  • Version: Requires Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004.
IDL

Declared in Msfpccom.idl.

See Also

COM Objects

© 2014 Microsoft. All rights reserved.