Specifications

Policy Server for Cisco NAC

10-15

Policy Composition

Policies include of any number of rules and default responses and actions.

Rule Enforcement

Policy Server enforces rules in a specific order, which allows you to prioritize rules.

Change the order of rules, add new ones, and remove existing ones from a policy.

Default Responses for Policies

As with rules, policies include default responses to help you understand the condition of

OfficeScan clients on the network when client validation occurs. However, the default

responses are associated with clients only when client security posture does NOT match

any rules in the policy.

The responses for policies are the same as those for rules (see Default Responses for Rules

on page 10-11 for the list of responses).

Policy Server and OfficeScan Client Actions

The Policy Server enforces rules to clients by subjecting client posture information to

each of the rules associated with a policy. Rules are applied top-down based on the rules

in use specified on the Web console. If the client posture matches any of the rules, the

action corresponding to the rule is deployed to the client. If no rules match, the default

rule applies and the action corresponding to the default rule is deployed to clients.

Default Outbreak Mode Policy evaluates OfficeScan clients using the "Healthy" rule. It

forces all clients that do not match this rule to immediately implement the actions for

the "Infected" response.

Default Normal Mode Policy evaluates OfficeScan clients using all the non-"Healthy"

rules (Transition, Not Protected, Quarantine, CheckUp). It classifies all clients that do

not match any of these rules as "healthy" and applies the actions for the "Healthy" rule.