A commonly revered part of any ISA Server installation is that of documenting the final solution, especially if this involves a complex firewall policy. After trying to document a few Enterprise Edition customer installations which contained several hundred firewall policy rules, it became apparent that we could do with some form of documentation utility or tool. This tool would aim to capture the key rule information and output this into a nice looking format and/or allow it to be stored electronically for future support purposes.
Rather than create an application from scratch, it made sense to start with the ISAInfo tool, as this provides an XML output which contains all of the raw ISA Server configuration information, including firewall and system policy rules.
After a bit of internal brainstorming, we realised that developing a completely new application to translate data from the ISAInfo XML file into an appropriate format was going to take quite some time. Hence, we decided it would make more sense to modify the display format that is provided with the original ISAInfo Viewer (ISAInfo.hta) in order to manipulate the output. I say “we” here, but I really mean “he” as full kudos for the actual development work goes to one of my esteemed Silversands colleagues, David Hughes, who did the actual development work. I was merely responsible for the inspiration, testing and tea making :)
With this approach in mind, David looked at the default ISAInfo.hta viewer in order to understand what changes would be necessary. The ‘problem’ with the default ISAInfo viewer is that the results are formatted for readable screen output. Hence, if you copy and paste the data, it is not really in an ideal format and requires quite a bit of manipulation to achieve something satisfactory (if you paste it directly into Word for example).
Therefore, by modifying the display format into data that is more copy and paste friendly, like comma-separated values (CSV), we greatly improve our chances of obtaining the information in a much more suitable form. CSV is also an ideal data format for importing into Excel, and this provides an excellent document format for the firewall/system policy rules data.
So after amending the ISAInfo.hta as necessary, we now have a new ISAInfo viewer called ISAInfo2XLS.hta which outputs firewall and system policy information into an onscreen CSV format. Well, to be precise it’s actually a pipe character “|” separated value format really (PSV), but close enough! A copy of the customised viewer can be downloaded from here.
Please Note: The original ISAInfo.hta file is based upon version 1.0.2161.23 dated 19/07/2007 which is available as part of the ISAInfo.zip archive available from Jim Harrison’s www.isatools.org website here.
In order to understand the entire process of using the customised viewer, I have put together the following procedure with some sample screenshots and a quick walkthrough.
Generate the ISAInfo XML Output
Let's start with an example firewall policy as shown below. This contains a web publishing rule, a server publishing rule and an access rule:
In order to dump the configuration information, we need to run the ISAInfo.js utility as shown below:
Once this has completed, we then have an XML output file which can be opened in the ISAInfo Viewer:
After opening this XML file in the default ISAInfo viewer, we can see the example firewall policy rule details are shown in the right hand pane of the viewer:
So, this is how things work with the default ISAInfo viewer.
Using the ISAInfo2XLS Viewer
Now, let's look at the display format when we use the ISAInfo2XLS viewer:
As can be seen, the rule information is now provided onscreen in PSV format. If we highlight this text and copy and paste the data into a notepad text file, we get the following:
If we now save this text file to a temporary location, we can open it using Excel. Excel will then automatically recognise the text file format and will run the Text Import Wizard.
Please Note: I am using Excel 2007 in my examples, but it should be a similar process with previous versions of Excel.
On Step 1 of the wizard, select the Delimited radio button as our data is in a separated, or delimited, format. Then click Next to continue to Step 2.
On Step 2 of the wizard, select the Other tick box and enter a pipe character (the vertical line ‘|’ key to the left of the ‘z’ key on UK QWERTY keyboards). Then click Next to continue to Step 3.
On Step 3 of the wizard, accept the defaults and select Finish.
You should then see the imported firewall policy rules, as shown below:
After a bit of basic formatting we get the following result, which looks great!
Repeating the above process with a set of System Policy rules results in a more complex, but equally impressive, spreadsheet:
So, there you go! You now have an Excel spreadsheet that contains all firewall or system policy rules, and the key top-level information for each rule.
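A scripted alternative to the copy, paste and Text Import Wizard steps above, added here as an example and not part of the original post or the ISAInfo2XLS tool. It converts pasted pipe-separated text to quoted CSV, flags rows where a stray pipe inside a value would shift the columns, and neutralises values Excel could treat as formulas. The column names and sample rules are constructed assumptions, not the viewer's real output.

```python
import csv
import io

# Constructed sample of text pasted from the viewer. The column names and
# rule values are assumptions for illustration, not the tool's real output.
SAMPLE_PSV = """\
Order|Name|Action|Protocols|From|To
1|Publish OWA|Allow|HTTPS|External|OWA Listener
2|Publish SMTP|Allow|SMTP Server|External|10.0.0.25
3|Web Access|Allow|HTTP|HTTPS|Internal|External
4|-- Temp rules --|Deny|All Traffic|Internal|External
"""

# Excel may interpret a cell starting with one of these as a formula.
FORMULA_LEADERS = ("=", "+", "-", "@")


def psv_to_csv(text, delimiter="|"):
    """Convert pasted PSV text to quoted CSV; return (csv_text, problems)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return "", []
    header = [c.strip() for c in lines[0].split(delimiter)]
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    problems = []
    for line_no, line in enumerate(lines[1:], start=2):
        cells = [c.strip() for c in line.split(delimiter)]
        # A delimiter inside a value shifts every later column, so the rule
        # would be documented wrongly. Flag it for manual review.
        if len(cells) != len(header):
            problems.append((line_no, f"{len(cells)} fields, expected {len(header)}"))
        for i, cell in enumerate(cells):
            if cell.startswith(FORMULA_LEADERS):
                problems.append((line_no, f"formula-like value neutralised: {cell!r}"))
                cells[i] = "'" + cell  # leading apostrophe stops formula evaluation
        writer.writerow(cells)
    return out.getvalue(), problems


if __name__ == "__main__":
    csv_text, problems = psv_to_csv(SAMPLE_PSV)
    print(csv_text)
    for line_no, reason in problems:
        print(f"line {line_no}: {reason}")
```

Rows reported in `problems` should be checked against the ISA Server console before the spreadsheet is filed as the policy record.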
I will be the first to admit that it’s not the slickest or most elegant tool in the world, but hopefully some of you will find it as useful as I have when it comes to documenting firewall and system policies – Enjoy!
Based upon popular demand, please find an updated version of ISAInfo2XLS.hta now called ISAInfo2XLSv2.hta from here which has been tested with Windows 7, IE9 and Forefront TMG. Many thanks to Richard Knight for his efforts with this update!