Home > ISA 2006 Configuration, ISA 2006 Enterprise > Importing Hammer of God Country IP Block Network Sets Into ISA Enterprise Policies

Importing Hammer of God Country IP Block Network Sets Into ISA Enterprise Policies

Recently I was called upon to assist a customer with configuring their ISA firewall to block all traffic to or from specific country IP address blocks. Fortunately this task is made much simpler thanks to the wonderful work by Thor at Hammer of God. At the Hammer of God web site you can download pre-configured ISA computer sets that you can easily import in to your ISA firewall configuration.

These networks sets were exported from ISA 2006 Standard edition. If you are importing these computer sets in to the Standard version of Microsoft ISA Server, the process is very straightforward. Simply download the computer set for the country you wish to block and import them in to your policy. If you wish to import these computer sets in to ISA 2006 Enterprise, that’s a little different. ISA does not support importing/exporting objects to/from Standard and Enterprise versions natively. There is a workaround, however. It can be accomplished easily by changing the fpc4:Edition element in the XML export file from “16” to “32”, as shown here…

14

…but that will only allow you to import the network set in to an array policy. If you would like to import these network sets in to an an enterprise policy, you can follow the procedures outlined here.

Start by downloading a network set from Hammer of God. For demonstration purposes here I have chosen the network block for the country of Albania (nothing personal against Albania, it’s just that the network set was small and convenient!).

1. Create a computer set at the enterprise level. Give the computer set a descriptive name, then choose ‘Ok’ to continue.

2

2. Hightlight the computer set you just created, then right-click on the computer set and choose ‘export selected’.

3

3. The ‘Welcome to the Export Wizard’ dialog box appears. Choose ‘Next’ to continue.

5

4. Specify the file name and location to save the export to. Choose ‘Next’ to continue.

6

5. Choose ‘Finish’ to complete the export.

7

6. Next, open the network set downloaded from Hammer of God with an XML editor or Notepad. Select and copy all of the data between and including the fpc:4AddressRanges tags…

8
…clip…
9

7. Open the blank enterprise network set export created earlier with an XML editor or Notepad. Highlight and select the entire following line:

142

Paste the data you copied previously here, then save the file.

8. In the ISA Management console, highlight the blank enterprise network set created earlier and choose ‘import to selected’.

10

9. The ‘Welcome to the Import Wizard’ dialog box appears. Choose ‘Next’ to continue.

10a

10. Specify the location of the file you just saved, then choose ‘Next’ to continue.

112

11. Choose ‘Finish’ to complete the import, then apply the changes to the enterprise configuration.

121

Your enterprise network set is now populated with information and is ready to be used in both enterprise policies and array policies.

  1. January 6, 2009 at 7:21 am

    Hi Richard,

    Nice to see you got your blog online with a useful first article!

    Cheers

    JJ

  2. OZ
    November 19, 2011 at 12:46 pm

    Thank you for this information, very handy, my TMG box has been reporting attacks constantly from China for weeks now, I created a rule using thors_china xml file and blocked all protocols but HTTP & DNS Server from thors_china to all protected networks.

    Monitored the rule and it appears to be doing the job, used a chinese firewall test page to see if they could load our webpage and that works fine.

  3. November 20, 2011 at 3:49 pm

    The Thor country code network sets are definitely a life saver when it comes to blocking attacks using the Forefront TMG 2010 firewall. This is a very old post though (my first, in fact!) and since this writing Dr. Mullen now has native network sets available for ISA and TMG enterprise edition. No need to go through the steps listed above…you can simply download them here. :)

  4. Andre Coetser
    December 9, 2011 at 10:02 am

    Good afternoon Richard. Can you maybe tell me where to get these native network sets from Dr. Mullen and installation instructions? We have TMG and I struggle to follow the wonderful directions you posted for ISA.

  5. December 9, 2011 at 3:05 pm

    You can find all of the country netblock computer sets for ISA and TMG standard and enterprise here:

    http://www.hammerofgod.com/download/ISASets/

  6. Brian
    September 13, 2012 at 5:40 pm

    Where is this information now?

  7. September 16, 2012 at 11:10 am

    Tim made some changes to the site and hasn’t put these back up yet. I’ll update this post and comment again when they are available. Thanks! :)

  8. MS
    January 19, 2013 at 1:18 pm
  9. January 23, 2013 at 5:14 pm

    Great info. Thank you!

  1. January 6, 2009 at 6:56 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 79 other followers

%d bloggers like this: