Specifications
9-80
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
For a simple rule that tests a single check, simply type the name of the check:
SymAVProcessIsActive
Step 6 Click Add Rule.
The console validates the rule and, if formed correctly, the rule appears in the Rule List. From there,
you can delete the rule, modify it, or copy it (create a new rule by copying this one).
Validate Rules
The Clean Access Manager automatically validates rules and requirements as they are created. Invalid
rules have incompatibilities between checks and rules, particularly those relating to the target operating
system. These errors can arise when you create checks and rules for a particular operating system but
later change the operating system property for a check. In this case, a rule that uses the check and which
is still applicable for the formerly configured operating system is no longer valid. Rule validation detects
these and other errors.
The Valid ity column under Device Management > Clean Access > Clean Access Agent > Rules >
Rule List displays a blue checkmark if the rule is valid and a red “X” if the rule is invalid. Highlight this
icon with your mouse to reveal which check is causing the rule to be invalid, in the form:
Invalid rule [rulename], Invalid check [checkname] in rule expression.
Figure 9-37 Rule List
Use the following steps to correct an invalid Rule.
Step 1 Go to Device Management > Clean Access > Clean Access Agent > Rules > Rule List.
Step 2 Click the Edit icon for the invalid rule.
Step 3 Correct the invalid Rule Expression. If the rule is invalid because a check has been deleted, make sure
you associate the rule with a valid check.
Step 4 Make sure the correct Operating System. is selected.
Step 5 Make sure the Requirement met if: expression is correctly configured.