Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

311

312

313

314

315

316

317

318

319

320

9-12

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Retrieving Cisco NAC Appliance Updates

A variety of updates are available from the Clean Access Updates server, available under Device

Management > Clean Access > Updates. You can perform updates manually as desired or schedule

them to be performed automatically. This section describes how to do the following:

• View Current Updates

• Configure and Download Updates

• Configure Proxy Settings for CAM Updates (Optional)

View Current Updates

Step 1 Choose Device Management > Clean Access > Updates. The Summary page appears by default.

Step 2 The Current Versions of Updates section lists all the latest Cisco Updates versions currently on your

CAM:

Cisco Checks and Rules

Cisco provides a variety of pre-configured rules (“pr_”) and checks (“pc_”) for standard client checks

such as hotfixes, Windows update, and various antivirus software packages. Cisco checks and rules are

a convenient starting point if you need to manually create your own custom checks and rules.

Supported AV/AS Product List (Windows/Macintosh)

The Cisco NAC Appliance Supported AV/AS Product List is a versioned XML file distributed from a

centralized update server that provides the most current matrix of supported antivirus (AV) and

antispyware (AS) vendors and product versions used to configure AV or AS Rules and AV or AS

Definition Update requirements for posture assessment/remediation. This list is updated regularly for the

AV/AS products and versions supported in each Agent release and to include new products for new

Agent versions. Note that the list provides version information only. When the CAM downloads the

Supported AV/AS Product List it is downloading the information about what the latest versions are for

AV/AS products; it is not downloading actual patch files or virus definition files. Based on this

information, the Agent can then trigger the native AV/AS application to perform updates.

Having the latest Supported AV/AS list ensures your AV/AS rule configuration pages include all the new

products supported in the new Agent, particularly if you have updated the Agent version on your CAM.

For the latest details on products and versions supported, see Device Management > Clean Access >

Clean Access Agent > Rules > AV/AS Support Info, or see the “Clean Access Supported AV/AS

Product List” section in the latest Release Notes.

Default Host Policies

Clean Access provides automatic updates for the default host-based policies (for Unauthenticated,

Temporary, and Quarantine roles). Note that Default Allowed Hosts are disabled by default, and must be

enabled for each role under User Management > User Roles > Traffic Control > Hosts. See Enable

Default Allowed Hosts, page 8-9 for details.

Default L2 Policies

Displays the current version of Default Layer 2 traffic policies available on the CAM. Whenever the

CAM searches for updates (either manually or automatically using the settings in the Device

Management > Clean Access > Updates page), it automatically checks to see if there is a newer version

of Default Layer 2 traffic policies available.