Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

341

342

343

344

345

346

347

348

349

350

9-44

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Configuring Agent-Based Posture Assessment

The steps to create AV Definition Update Requirements are as follows:

Step 1 Verify AV/AS Support Info, page 9-44

Step 2 Create an AV Rule, page 9-47

Step 3 Create an AV Definition Update Requirement, page 9-50

Step 4 Map Requirements to Rules, page 9-90

Step 5 Apply Requirements to User Roles, page 9-92

Step 6 Validate Requirements, page 9-93

The steps to create AS Definition Update Requirements are as follows:

Step 1 Verify AV/AS Support Info, page 9-44

Step 2 Create an AS Rule, page 9-53

Step 3 Create an AS Definition Update Requirement, page 9-55

Step 4 Map Requirements to Rules, page 9-90

Step 5 Apply Requirements to User Roles, page 9-92

Step 6 Validate Requirements, page 9-93

Note In some cases it may be advantageous to configure AV or AS rules/requirements in different ways. For

example:

• Not all product versions of a particular vendor may support the Agent launching the automatic

update of the product. In this case, you can provide instructions (via the Description field of the AV

or AS Definition Update requirement) to have users update their AV or AS definition files from the

interface of their installed AV or AS product.

• You can associate the AV or AS rules with a different requirement type, such as Link Distribution

or Local Check, to change the Agent buttons and user action required from “Update” to “Go to

Link”, or to disable the action button and provide instructions only. This allows you flexibility in

configuring the actions you want your users to take.

• You can also configure different Enforce Types. You can generate reports for clients and optionally

provide users extra time to meet a requirement without blocking them from the network. See

Configuring an Optional/Audit Requirement, page 9-94 for details.

Verify AV/AS Support Info

Cisco NAC Appliance allows multiple versions of the Agent to be used on the network. New updates to

the Agent will add support for the latest antivirus or antispyware products as they are released. The

system picks the best method (either Def Date or Def Version) to execute AV/AS definition checks based

on the AV/AS products available and the version of the Agent. The AV/AS Support Info page provides

details on Agent compatibility with the latest Supported AV/AS Product List downloaded to the CAM.

This page lists the latest version and date of definition files for each AV and AS product as well the