Internet Security and Acceleration Server 2004/2006 SDK

The FPCVpnQuarantineSettings object defines the virtual private network (VPN) quarantine settings.

The FPCVpnQuarantineSettings object is accessed through the QuarantineSettings property of an FPCVpnConfiguration object.

Click here to see the ISA Server object hierarchy.

The VPN quarantine uses the Network Access Quarantine Control feature of Windows Server 2003 to prevent remote VPN clients from obtaining normal remote access after authentication until the configuration of their systems has been examined by a server-provided script and validated as meeting the requirements of the organization's network policies. The connection to a remote VPN client can be closed if the time-out period elapses before the configuration is validated.

The clearing of VPN clients from quarantine can be enabled by installing Remote Access Quarantine Agent (Rqs.exe) on the ISA Server computer and Remote Access Quarantine Client (Rqc.exe) on VPN clients. Rqc.exe runs as a notification component on the remote client computer, informing the Rqs.exe listener component running on the ISA Server that the client computer complies with security policy. Both of these tools are available in the Windows Server 2003 Resource Kit Tools. After Rqs.exe is installed, the Remote Access Quarantine Tool for ISA Server 2004 (RQSUtils.EXE) should be run on the ISA Server computer. This tool adds an RQS protocol definition on the ISA Server computer, creates an instance of the RQS service, and creates an access rule allowing the RQS protocol. Additional steps must also be performed. For detailed instructions on implementing the clearing of VPN clients from a quarantine, see VPN Roaming Clients in ISA Server 2004.

Alternatively, you can create a custom listener component that listens for messages from a matching notifier component running on quarantine-compatible remote access clients. These messages indicate that the scripts have been run successfully. Then your listening component can use the MprAdminConnectionRemoveQuarantine function to remove the quarantine restrictions from the remote access connections.


The FPCVpnQuarantineSettings object defines the following methods.

Method Description
Refresh Recursively reads the values of all of the object's properties from persistent storage, discarding any changes that have not been saved.
Save Writes the current values of all of the object's properties, including the properties of its subobjects and their elements (for collections), to persistent storage.


The FPCVpnQuarantineSettings object has the following properties.

Property Description
QuarantineMode Gets or sets a value from the FpcVpnQuarantineMode enumerated type that specifies whether the VPN quarantine is enabled or disabled, and whether VPN clients are placed in quarantine according to the ISA Server policy or the RADIUS server policy.
QuarantineTimeout Gets or sets the time, in seconds, that a connection can remain in the restricted state before being closed.
QuarantineTimeoutEnabled Gets or sets a Boolean value that indicates whether the VPN quarantine time-out period is enabled.
UserSetsExcluded Gets an FPCRefs collection that contains references to the FPCUserSet objects defining the user sets to which the VPN quarantine is not applied.

Interfaces for C++ Programming

This object implements the IFPCVpnQuarantineSettings interface.


Client Requires Windows XP.
Server Requires Windows Server 2003. Requires Windows Server 2003 or Windows 2000 for ISA Server 2004 Standard Edition.
Version Requires Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004.

Declared in Msfpccom.idl.

See Also

COM Objects