Specifications

9-51

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment

Configuring Agent-Based Posture Assessment

Note Mac OS X users can only resolve ClamWin AV Definition Update requirements by navigating to the

ClamXAV download site at http://www.clamav.net. Cisco recommends using the pre-defined host policy

list for the Unauthenticated Role on the CAM (User Management > User Roles > Traffic Control >

Host).

Use the following steps to create an AV Definition Update requirement.

Step 1 In the Clean Access Agent tab, click the Requirements submenu link and then New Requirement.

Figure 9-20 New Requirement

Step 2

For Requirement Type choose AV Definition Update.

Step 3 Choose an Enforce Type from the dropdown menu:

• Mandatory—Enforce requirement.The user is informed of this requirement and cannot proceed or

have network access unless the client system meets it.

• Optional— Do not enforce requirement. The user is informed of the requirement but can bypass it

if desired (by clicking Next/Skip in the Agent dialog). The client system does not have to meet the

requirement for the user to proceed or have network access.

• Audit—Silently audit. The client system is checked “silently” for the requirement without notifying

the user and a report is automatically generated and sent back to the CAS. (Audit requirements do

not appear in the user’s Mac OS X Assessment Report window.) The report results (pass or fail) do

not affect user network access.

Refer to Configuring an Optional/Audit Requirement, page 9-94 for details.

Step 4 Choose the Priority of execution for this requirement on the client. A high priority (e.g. 1) means this

requirement is checked on the system ahead of all other requirements (and appears in the Agent dialogs

in that order). Note that if a Mandatory requirement fails, the Agent does not continue past that point

until that requirement succeeds.