There are no user-defined ICMP protocols displayed in the New Access Rule Wizard in ISA Server 2004, Enterprise Edition (902348)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
SYMPTOMS
On a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004, Enterprise Edition, you open the New Access Rule Wizard. Then, in the wizard's Protocols list, you try to select user-defined Internet Control Message Protocol (ICMP) protocols. However, there are no user-defined ICMP protocols displayed in the Protocols list.
Note You may not experience this symptom if the user-defined protocols are currently used in an existing enterprise-level access rule.
CAUSE
User-defined ICMP protocols are filtered out of the Protocols list if the protocols are not currently used in an existing enterprise-level access rule.
WORKAROUND
To work around this problem, use one of the following methods.
Method 1
- Create an array-level policy rule by using enterprise rule elements.
Note For more information about how to use enterprise rule elements to create an array-level policy rule, see ISA Server Help.
- After you create an array-level policy rule and then define a new protocol, you can manually create the same policy in each array. Or, you can export and then import the same policy to all the arrays.
Note For more information about how to export and import array configurations, see ISA Server Help.
Method 2
To work around this problem by using JScript code, follow these steps:
- Copy the following code, and then paste it into Notepad.
/*
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This code is Copyright (c) 2005 Microsoft Corporation.
All rights reserved.
THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE
LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
OF THIS CODE OR INFORMATION.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Title: AddMtuRule.js
Purpose: Adds an ICMP protocol definition and rule to all Enterprise Policies
Requirements:
- ISA 2004 Enterprise
- Access rights to ISA for interactive account
Run as: cscript addmturule.js protocolname networkname
Version:
1.0 06/15/2005 - First version
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
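// Entry point. Function declarations are hoisted, so main() is callable here.
main();

/*
 * Creates the ICMP protocol definition in the enterprise rule elements and
 * then adds an access rule for it to each enterprise policy.
 *
 * Command line: cscript addmturule.js ProtocolName NetworkName
 *
 * Returns false when the arguments are missing or when either helper reports
 * a failure; returns nothing on success. The protocol definition and each
 * rule are saved by the helpers as they are created, so a failure part-way
 * through the policy loop leaves the policies already processed modified.
 */
function main()
{
    // Value MakeNewRule returns for a policy it does not modify (a predefined policy).
    var SKIPPED = 666;

    // Check the command line before connecting to the configuration storage,
    // so a bad invocation prints usage instead of stopping on an unhandled
    // script error when a missing argument is indexed.
    if( WScript.Arguments.length < 2 )
    {
        WScript.Echo( "Usage: cscript addmturule.js ProtocolName NetworkName" );
        return false;
    }
    var ProtocolName = WScript.Arguments( 0 );
    var EnterpriseNet = WScript.Arguments( 1 );
    if( ProtocolName == "" || EnterpriseNet == "" )
    {
        WScript.Echo( "Usage: cscript addmturule.js ProtocolName NetworkName" );
        return false;
    }

    // Connect to the Configuration Storage server that the root object reports.
    var oISA = new ActiveXObject( "FPC.Root" );
    var szCss = oISA.ConfigurationStorageServer;
    oISA.ConnectToConfigurationStorageServer( szCss );

    var oEnterprisePolicies = oISA.Enterprise.Policies;
    var oEnterpriseRuleElements = oISA.Enterprise.RuleElements;

    if( !MakeNewProtocol( oEnterpriseRuleElements, ProtocolName ) )
    {
        return false;
    }
    // NOTE(review): MakeNewProtocol also returns true when a definition with
    // this name already existed, so this line is printed in that case too.
    WScript.Echo( "Protocol Definition '" + ProtocolName + "' successfully created..." );

    // The policy collection is indexed from 1.
    for( var inx = 1; inx <= oEnterprisePolicies.Count; inx++ )
    {
        var result = MakeNewRule( oEnterprisePolicies.Item( inx ), ProtocolName, EnterpriseNet );
        if( result === false )
        {
            return false; // stop at the first policy that reports an error
        }
        if( result === SKIPPED )
        {
            continue; // nothing was created in this policy, so print no success line
        }
        WScript.Echo( "....Access Rule '" + ProtocolName + "' successfully created..." );
    }
    WScript.Echo( "\r\nAll Done..." );
}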
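/*
 * Adds a protocol definition named ProtocolName to oRuleElements and gives it
 * one ICMP connection: type 3 (destination unreachable), code 4
 * (fragmentation needed).
 *
 * oRuleElements - object exposing ProtocolDefinitions.Add( name )
 * ProtocolName  - name of the protocol definition to create
 *
 * Returns true when the definition was created and saved, or when a
 * definition with that name already exists; returns false after echoing the
 * error for any other failure of Add.
 *
 * An existing definition is not opened or compared: whatever it contains is
 * what any rule that refers to this name will allow. The notice printed in
 * that case tells the operator to confirm the definition by hand.
 */
function MakeNewProtocol( oRuleElements, ProtocolName )
{
    var Send = 1; // packet direction passed to AddICMP
    var Code = 4; // ICMP code for Fragmentation needed
    var Type = 3; // ICMP type for Destination unreachable
    // 0x800700B7 as a signed 32-bit value: the HRESULT form of Win32 ERROR_ALREADY_EXISTS.
    var Exists = -2147024713;
    var oProtocol = null;

    try
    {
        oProtocol = oRuleElements.ProtocolDefinitions.Add( ProtocolName );
    }
    catch( err )
    {
        if( err.number != Exists )
        {
            WScript.Echo( "Error " + err.number + "; " + err.description );
            return false;
        }
        // The original line "err.clear;" was dropped: it only read a property
        // and called nothing, so it had no effect.
        WScript.Echo( "Protocol Definition '" + ProtocolName + "' already exists and is reused unchanged;"
            + " confirm that it contains only ICMP type " + Type + " code " + Code + "..." );
        return true;
    }

    oProtocol.Description = "ICMP MTU Detection traffic";
    oProtocol.PrimaryConnections.AddICMP( Send, Code, Type );
    oProtocol.Save( );
    return true;
}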
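/*
 * Adds an access rule named ProtocolName to oPolicy. The rule allows the
 * protocol definition ProtocolName from the enterprise network EnterpriseNet
 * to "Local Host", for the "All Users" user set.
 *
 * oPolicy       - enterprise policy object (Name, Predefined, PolicyRules)
 * ProtocolName  - name used for both the rule and the protocol it refers to
 * EnterpriseNet - name of the source enterprise network
 *
 * Returns 666 when the policy is predefined and nothing is created, true
 * when the rule was created and saved or a rule with that name already
 * exists, and false after echoing the error for any other failure of
 * AddAccessRule. An existing rule is left as it is and is not inspected.
 */
function MakeNewRule( oPolicy, ProtocolName, EnterpriseNet )
{
    // NOTE(review): the four values below are passed straight to the ISA COM
    // objects; the names describe their intended meaning - confirm the
    // numeric values against the ISA Server SDK.
    var Allow = 0;
    var SpecifiedProtocols = 1;
    var EnterpriseScope = 1;
    var IncludeStatus = 0;
    // 0x800700B7 as a signed 32-bit value: the HRESULT form of Win32
    // ERROR_ALREADY_EXISTS. It has to be declared in this function: the catch
    // block below reads it, and the only other declaration in the script is
    // local to MakeNewProtocol, so without this line a failed AddAccessRule
    // stopped the script with an undefined-identifier error.
    var Exists = -2147024713;
    var oRule = null;

    WScript.Echo( "...working in policy '" + oPolicy.Name + "'..." );
    if( oPolicy.Predefined )
    {
        WScript.Echo( "....Can't create rules in '" + oPolicy.Name + "'..." );
        return 666; //can't do this here
    }

    try
    {
        oRule = oPolicy.PolicyRules.AddAccessRule( ProtocolName );
    }
    catch( err )
    {
        if( err.number != Exists )
        {
            WScript.Echo( "Error " + err.number + "; " + err.description );
            return false;
        }
        // The original line "err.clear;" was dropped: it only read a property
        // and called nothing, so it had no effect.
        WScript.Echo( "....Access Rule '" + ProtocolName + "' already exists in '" + oPolicy.Name
            + "' and is left unchanged; confirm its source, destination and protocol..." );
        return true;
    }

    oRule.Action = Allow;
    oRule.Description = "ICMP MTU adjustment";
    // Source: the named enterprise network. Destination: "Local Host".
    oRule.SourceSelectionIPs.EnterpriseNetworks.AddScopedItem( EnterpriseScope, EnterpriseNet, IncludeStatus );
    oRule.AccessProperties.DestinationSelectionIPs.EnterpriseNetworks.AddScopedItem( EnterpriseScope, "Local Host", IncludeStatus );
    // Restrict the rule to the one protocol definition instead of all traffic.
    oRule.AccessProperties.ProtocolSelectionMethod = SpecifiedProtocols;
    oRule.AccessProperties.SpecifiedProtocols.AddScopedItem( EnterpriseScope, ProtocolName, IncludeStatus );
    oRule.AccessProperties.UserSets.AddScopedItem( EnterpriseScope, "All Users", IncludeStatus );
    // NOTE(review): the meaning of the boolean passed to Save is not shown here - confirm.
    oRule.Save( true );
    return true;
}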
- Save this Notepad file as Addmturule.js.
- Run the following command from the same location at which you saved the code:
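cscript addmturule.js ProtocolName NetworkName
Note ProtocolName is the name of the new protocol that you are creating.
NetworkName is the name of the enterprise network from which the ICMP traffic originates.
The script adds the protocol definition to the enterprise rule elements and adds an allow rule for it, from NetworkName to Local Host, to every enterprise policy that is not predefined.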
Modification Type: | Minor | Last Reviewed: | 3/30/2006 |
---|
Keywords: | kbtshoot kbprb KB902348 kbAudITPRO |
---|
|