Specifications
9-28
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Setting Up Agent Distribution/Installation
For more information, see Configuring a Launch Programs Requirement, page 9-85.
Table 9-5 Specify Server Rule Names
Parameter
Default
Value
Valid
Range Description/Behavior
ServerNameRules — FQDN This parameter consists of comma separated names of
servers. The server names available in this list are used
for authorization of CAS by client machine. If this list
is empty, then the authorization is not performed.
The Agent compares the CN (canonical name) in the
certificate provided by the CAS/Agent SSL
communication with the ServerNameRules parameters
in the NACAgentCFG.xml file. The CN contains
information like host name and domain name. The
Agent pops up only when these names match.
The server names should be FQDN names. The
parameter can be placed anywhere in the
NACAgentCFG.xml file. IP Addresses can also be
used if they match the CN.
Examples of ServerNameRules entires:
• marketing.cisco.com, sales.cisco.com
• engineering.cisco.com
The wildcard character “*” can be used to specify
server names with similar characters. For example,
*.cisco.com matches all the servers in the Cisco.com
domain. The wildcard can be placed only at the
beginning and the characters that follow the wildcard
should be of exact match.
More examples with wildcard:
• *.marketing.cisco.com
• *.com
Table 9-6 Cisco NAC Agent Verifying Launch Program Executable for Trusted Digital Signature
Registry Key
Default
Value
(Decimal)
Valid
Range Description/Behavior
SignatureCheck 0 0 or 1 The SignatureCheck setting looks for a digital signature
that the Cisco NAC Agent uses to determine whether or
not Windows can trust the executable before launching.
Starting from Release 4.9(1), non-admin users can set
the SignatureCheck parameter to “1” in the
Configuration file to check the signature.