Note: you should backup ISA Server configuration before trying out following workarounds (just in case) ;-)
My customers are no exception; they too are getting attacked1 from IP addresses belonging to China address space. For some of them we simply decided to block all traffic originating in China. For customers using ISA server as a firewall, I decided to use "Country by Country ISA Computer Sets" prepared by Thor (thank you Thor).
The scripts that we could download were prepared for ISA Server 2004 or ISA Server 2006 Standard Edition and they could not be imported to ISA Server Enterprise Edition. If you try to import it to ISA Server Enterprise Edition you would get the following error:
Error: 0xc00403a4
Enterprise Edition settings cannot be imported into Standard Edition, and Standard Edition settings cannot be imported into Enterprise Edition.
The error occurred on object 'ComputerSets' of class 'Computer Sets' in the scope of array 'Firewall'.
I really didn't want to copy and paste or manually recreate the computer set. After playing around with the XML file containing computer set I figured out that if you change fpc4:Edition line from
to
you can now import computer set to ISA Server 2006 Enterprise Edition even if it was exported from ISA Server 2006 Standard Edition. You should see the above line near the top of the XML file.
Here are also screenshots of the XML file (before and after):
Standard Edition
Enterprise Edition
1. I will write more about the attacks themselves in my next post...