ISA 2004: Scripting Rocks! (Import Protocol demo)

Like ISA 2000 before it, ISA 2004 is scriptable. Just about anything I can imagine doing through the user interface, I can do with a script. More, in fact!

Unlike ISA 2000, ISA 2004 plays nice with XML. Every aspect of the configuration (that I've looked at so far) can be exported into an XML file for later re-use, and (handily) little user-defined pieces can be exported down to neat little XML chunks. As an aside, the new ISAInfo basically grabs an XML export of the ISA configuration, rather than re-invent the wheel.

A question flew across one of our internal discussion lists today: "How can a protocol definition be scripted?"

Not having fiddled much with ISA 2004 scripting at all, I figured it was a good time to learn.

So, usage scenario: the Administrator defines their new protocol(s) in the Toolbox, and then right-clicks it and chooses Export, saving the protocol definition as an XML file. This is then used as the command-line argument to the script, on the machine that it needs to be imported to.

I found the SDK CHM file on the CD, looked up Protocol Definitions, and worked my way up the object model to work out how to get there.

The result was this script - and (disclaimer follows) I'm warning you, this might blow up your server, so please don't do it in an environment you care about? It lacks safety belts, error handling and collision avoidance, and hasn't been tested by anyone at all. I did this on ISA 2004 SE. Behaviour on Enterprise Edition might vary. Crumbs may form. This needs to be run on the ISA Server you're importing to.

'--- protocolimport.vbs ---

' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")

set args = Wscript.Arguments

' Get references to the array object (firewall)
Set firewall = root.GetContainingArray

set rules = firewall.RuleElements
set protdefs = rules.ProtocolDefinitions

protdefs.ImportFromFile (args(0)), 0
' above will just break if you don't have
' a command line argument. Sorry.

protdefs.Save 'commit the change

And that's it. Just run the script once per XML protocol definition, with a command line like this:

cscript protocolimport.vbs exportedprotocol.xml

It might even be possible to munge several protocol definition exports together (or add error handling - the possibilities are endless!), but I'm not about to go complexifying a nice simple tool!

And it's that easy to throw this together, in no time flat.

I like ISA 2004.
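
An added example, not part of the original post or the author's script: the same import with the argument, file and error checks the post says it leaves out, so a bad file never reaches Save. It assumes MSXML is installed for the well-formedness check; the file name protocolimport-guarded.vbs and the exit codes are made up for illustration, and the ISA calls are only the ones used in the script above.

```vbscript
' protocolimport-guarded.vbs (added example, not the original author's script)
Option Explicit

Dim args, path, fso, xml, root, firewall, protdefs

Set args = WScript.Arguments
If args.Count <> 1 Then
    WScript.Echo "Usage: cscript protocolimport-guarded.vbs exportedprotocol.xml"
    WScript.Quit 1
End If

' Resolve to a full path and make sure the file exists before touching ISA.
Set fso = CreateObject("Scripting.FileSystemObject")
path = fso.GetAbsolutePathName(args(0))
If Not fso.FileExists(path) Then
    WScript.Echo "File not found: " & path
    WScript.Quit 2
End If

' Reject files that are not well-formed XML (for example a truncated copy).
Set xml = CreateObject("MSXML2.DOMDocument")
xml.async = False
xml.resolveExternals = False   ' do not fetch external DTDs or entities
xml.validateOnParse = False
If Not xml.load(path) Then
    WScript.Echo "Not well-formed XML: " & xml.parseError.reason
    WScript.Quit 3
End If

' Same object walk as the original script.
Set root = CreateObject("FPC.Root")
Set firewall = root.GetContainingArray
Set protdefs = firewall.RuleElements.ProtocolDefinitions

On Error Resume Next
protdefs.ImportFromFile path, 0
If Err.Number <> 0 Then
    WScript.Echo "Import failed, nothing saved: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 4
End If

protdefs.Save ' commit the change only after a clean import
If Err.Number <> 0 Then
    WScript.Echo "Save failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 5
End If
On Error GoTo 0

WScript.Echo "Imported protocol definition from " & path
```

The non-zero exit codes let a batch file that imports several exports stop at the first failure.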