?
Solved

More detailed schedule in ISA 2004

Posted on 2006-10-23
12
Medium Priority
?
863 Views
Last Modified: 2011-11-22
I have a customer who needs to limit their employes internetaccess during worktime but during breaks there shall be no limits at all.
They have a ISA 2004 which provide a solution for the access part but seems missing the function of a detailed schedule.
According to Microsoft:
"Schedules can be set only on an hourly basis, at the start of every hour."

Is there any possible way to create a more detailed schedule?
For example they want "the no limit time" to start 14:15 and end 14:45.

Regards
Mattias
0
Comment
Question by:BraData295
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 17794896
No, hourly is the minimum schedule. As I recall, ISA2006 has the same limitation.

Regards

Keith

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17798521
Just checked and ISA2006 is exactly the same. Doesn't happen often to us but sometimes the correct answer is "Nope, 'fraid not".

0
 
LVL 5

Assisted Solution

by:MarkusKolbeck
MarkusKolbeck earned 1000 total points
ID: 17810046
Try the following:
- Create a new (additional) access rule with unlimited access
- create two scheduled tasks (you can define to be launched on a per-minute-basis):
     1. disable the roule during the work hours (via script)
     2. enable the roule during breaks (via script)

The Script to enable / disable an access rule can be downloaded here:
http://www.isascripts.org/

Example Script Code (from Jason Fossen - www.ISAscripts.org):

'*************************************************************************************
' Script Name: ISA_Enable-Disable_Rule.vbs
'     Version: 1.0
'      Author: Jason Fossen ( www.ISAscripts.org )
'Last Updated: 16.Oct.2005
'     Purpose: Enables or disables a rule in the Firewall Policy of an ISA Server array,
'              Standard or Enterprise edition.  But cannot manage System Policy rules or
'              Enterprise Policy rules, array or single-server rules only.
'       Legal: Public Domain.  Modify and redistribute freely.  No rights reserved.
'              SCRIPT PROVIDED "AS IS" WITHOUT WARRANTIES OR GUARANTEES OF ANY KIND.
'              USE AT YOUR OWN RISK.  Test on non-production servers first.
'*************************************************************************************


If WScript.Arguments.Count <> 2 Then Call ShowHelpAndQuit()
sRuleName = WScript.Arguments.Item(0)
sAction   = WScript.Arguments.Item(1)
If (LCase(sRuleName) = "/?") Or (LCase(sRuleName) = "/h") Or (LCase(sRuleName) = "-h") Then Call ShowHelpAndQuit()


If EnableOrDisableRule(sRuleName, sAction) Then
    WScript.Echo vbCrLf & "Success! " & UCase(sRuleName) & " = " & UCase(sAction) & "D"
Else
    WScript.Echo vbCrLf & "ERROR: " & Err.Number & " " & Err.Description
End If


'*************************************************************************************
' Functions() & Procedures()
'*************************************************************************************


'
' sRuleName is the name of the rule, in doublequotes if it contains spaces.
' sAction is either "enable" or "disable" (or just "e" and "d").
'
' Function returns true if either it is successful or if sRuleName Is
' already set to sAction specified.
'
Function EnableOrDisableRule(sRuleName, sAction)
    On Error Resume Next
    If Not IsObject(oFPC) Then Set oFPC = CreateObject("FPC.Root")
    Set oPolicyRule = oFPC.GetContainingArray.ArrayPolicy.PolicyRules.Item(sRuleName)
    'If Err.Number = -2147024894 Then WScript.Echo "Cannot find the rule named " & sRuleName
    If Err.Number <> 0 Then EnableOrDisableRule = False : Exit Function
    If Left(LCase(sAction),1) = "e" Then bState = True Else bState = False
    If oPolicyRule.Enabled = bState Then EnableOrDisableRule = True : Exit Function
    oPolicyRule.Enabled = bState
    oPolicyRule.Save
    If Err.Number = 0 Then EnableOrDisableRule = True Else EnableOrDisableRule = False
    'If Err.Number <> 0 Then WScript.Echo "Problem changing rule state."
    On Error Goto 0
End Function



Sub ShowHelpAndQuit()
    Dim sUsage : sUsage = vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "ISA_Enable-Disable_Rule.vbs rulename action" & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "Purpose: Enables or disables a rule, not including System Policy rules." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "   Args: rulename = Name of the rule, placed in doublequotes if necessary." & vbCrLf
    sUsage = sUsage & "         action   = The word ""Enable"" or ""Disable"" (not case sensitive)." & vbCrLf
    sUsage = sUsage & vbCrLf
    sUsage = sUsage & "  Legal: SCRIPT PROVIDED ""AS IS"" WITHOUT WARRANTIES OR GUARANTEES OF ANY" & vbCrLf
    sUsage = sUsage & "         KIND. USE AT YOUR OWN RISK. Public domain, no rights reserved." & vbCrLf
    sUsage = sUsage & "         ( www.ISAscripts.org )" & vbCrLf
    sUsage = sUsage & vbCrLf
    WScript.Echo sUsage
    WScript.Quit
End Sub


'EOF*******************************************************************************



The script is really easy to use and can be integrated into the scheduled tasks pretty simple.

If you have any further questions please let me know.

ATB
Markus
0
Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 17864694
Hi Mattias,

you're still there? ;-)

Did you test my solution? Any feedback?

ATB
Markus
0
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 17913845
blubb
0
 
LVL 5

Expert Comment

by:MarkusKolbeck
ID: 18091815
Hi Computer101,

I cannot understand your decision (that I only assisted the answer) as I provided a solution for the question.
Please comment.

Markus
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18096310
Markus.

Computer101 will have made the decision based upon my recommendation. The accept is automatically assigned to the first expert in the list of recipients that I have recommended.

I have given the asker 4 days to respond to my recommendation but as you can see, no response has been seen. ISA server cannot have a schedule set of less than one hoyr so I have given myself an equal split also. This is not up for debate as it is fact.

I appreciate your workaround will work which is why I gave given you an equal share of the points.

Keith

0
 

Expert Comment

by:paterpan
ID: 23333926
MarkusKolbeck's solution worked for me.

Thanks.
0
 

Expert Comment

by:oomran
ID: 37181166
guys did any one test this scrips
i have a rule name test and i want to change the state to disable
i have changed the names accourdingly but no result
what im doing wrong.
is it the path of the script
please give me more details.
 ISA-Enable-Disable-Rule.vbs
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month15 days, 16 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question