Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
Step 4 For the Requirements met if option, choose one of the following options:
• All selected rules succeed—if all the rules must be satisfied for the client to be considered in
compliance with the requirement.
• Any selected rule succeeds—if at least one selected rule must be satisfied for the client to be
considered in compliance with the requirement.
• No selected rule succeeds—if the selected rules must all fail for the client to be considered in
compliance with the requirement.
If clients are not in compliance with the requirement, they will need to install the software associated
with the requirement or take the steps instructed.
Step 5 For AV Virus Definition Rules (yellow background) and AS Spyware Definition rules (blue
background), you can optionally configure the CAM to allow definition files on the client to be a number
of days older than what the CAM has available from Updates (see Rules > AV-AS Support Info for the
latest product file dates). This allows you to configure leeway into a requirement so that if no new
virus/spyware definition files are released from a product vendor, your clients can still pass the
requirement.
Click the checkbox for either:
• For AV Virus Definition rules, allow definition file to be x days older than:
• For AS Spyware Definition rules, allow definition file to be x days older than:
Type a number in the text box. The default is “2” indicating the definition date cannot be older than the
file/system date.
Choose either:
• Latest file date—This allows the client definition file to be older than the latest virus/spyware
definition date on the CAM by the number of days you specify.
• Current system date—This allows the client definition file to be older than the CAM's system date
when the last Update was performed by the number of days you specify.
Note: For AS Spyware Definition rules, the system will enforce this feature (allowing the definition files to be
X days older than the current system date) until Cisco Update service is available to regularly update the
date/version for Spyware definition files.
When this feature is configured for a requirement, the Agent checks for the definition date of the AV/AS
product then verifies whether the date meets the requirement. If the Agent cannot detect the definition
date (i.e., def date detection is not supported for that product), the system ignores this feature and the
Agent checks whether the client has the latest definition version.
Step 6 Scroll down the page and click the Select checkbox next to each rule you want to associate with the
requirement. The rules will be applied in their order of priority, as described in Table 9-15 on page 9-77.
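The following Python sketch is an added example, not Cisco code: it models how the Step 4 "Requirements met if" options and the Step 5 definition-age leeway combine into a pass/fail result, including the fallback when the Agent cannot detect a definition date. The function names, the sample dates, the reading of "x days older than" as client date >= reference date minus x days, and the rejection of an empty rule selection are assumptions of this sketch.

```python
from datetime import date, timedelta
from enum import Enum
from typing import Optional, Sequence


class MetIf(Enum):
    ALL = "All selected rules succeed"
    ANY = "Any selected rule succeeds"
    NONE = "No selected rule succeeds"


def requirement_met(mode: MetIf, rule_results: Sequence[bool]) -> bool:
    """Combine the pass/fail results of the selected rules (Step 4)."""
    if not rule_results:
        # Assumption of this sketch: refuse an empty selection instead of
        # letting all([]) or not any([]) report compliance vacuously.
        raise ValueError("no rules selected for the requirement")
    if mode is MetIf.ALL:
        return all(rule_results)
    if mode is MetIf.ANY:
        return any(rule_results)
    return not any(rule_results)


def definition_rule_passes(client_def_date: Optional[date],
                           client_has_latest_version: bool,
                           reference_date: date,
                           leeway_days: int) -> bool:
    """Step 5 leeway check against the chosen reference date."""
    if client_def_date is None:
        # Definition date not detectable: the leeway is ignored and the
        # check falls back to "client has the latest definition version".
        return client_has_latest_version
    return client_def_date >= reference_date - timedelta(days=leeway_days)


# Constructed sample values, not taken from a real CAM.
LATEST_FILE_DATE = date(2013, 3, 10)       # "Latest file date" reference
SYSTEM_DATE_AT_UPDATE = date(2013, 3, 14)  # "Current system date" reference
CLIENT_DEF_DATE = date(2013, 3, 9)

if __name__ == "__main__":
    for label, ref in (("Latest file date", LATEST_FILE_DATE),
                       ("Current system date", SYSTEM_DATE_AT_UPDATE)):
        av_ok = definition_rule_passes(CLIENT_DEF_DATE, False, ref, 2)
        print(label, "-> AV rule:", av_ok, "| requirement (ALL):",
              requirement_met(MetIf.ALL, [av_ok, True]))
```

With these sample dates the same client passes against the latest file date but fails against the system date, which shows how the choice of reference date changes the effective strictness of the requirement.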