Cisco ASA 5505 Configuration Manual page 1449

Chapter 65
Configuring Dynamic Access Policies
endpoint.os.windows.hotfix["KB923414"] = "true";
Checking for Antivirus Programs
You can configure messages so that the end user is aware of and able to fix problems with missing or not
running AVs. As a result, if access is denied, the adaptive security appliance collects all messages for
the DAP that caused the "terminate" condition and displays them in the browser on the logon page. If
access is allowed, the adaptive security appliance displays all messages generated in the process of DAP
evaluation on the portal page.
The following example shows how to use this feature to check for the Norton Antivirus program.
Step 1  Copy and paste the following Lua expression into the Advanced field of the Add/Edit Dynamic Access Policy pane (click the double arrow on the far right to expand the field):
(CheckAndMsg(EVAL(endpoint.av["NortonAV"].exists, "EQ", "false"),
  "Your Norton AV was found but the active component of it was not enabled", nil) or
 CheckAndMsg(EVAL(endpoint.av["NortonAV"].exists, "NE", "true"),
  "Norton AV was not found on your computer", nil))
Step 2  In that same Advanced field, click the OR button.
Step 3  In the Access Attributes section below, in the leftmost tab, Action, click Terminate.
Step 4  Connect from a PC that does not have Norton Antivirus, or on which it is disabled.
        The expected result is that the connection is not allowed and the message appears as a blinking ! point.
Step 5  Click the blinking ! to see the message.
Checking for Antivirus Programs and Definitions Older than 1 1/2 Days
This example checks for the presence of the Norton and McAfee antivirus programs, and whether the
virus definitions are older than 1 1/2 days (10,000 seconds). If the definitions are older than 1 1/2 days,
the adaptive security appliance terminates the session with a message and links for remediation. To
accomplish this task, perform the following steps.
Step 1  Copy and paste the following Lua expression into the Advanced field of the Add/Edit Dynamic Access Policy pane (click the double arrow on the far right to expand the field):
((EVAL(endpoint.av["NortonAV"].exists,"EQ","true","string") and
  CheckAndMsg(EVAL(endpoint.av["NortonAV"].lastupdate,"GT","10000","integer"),
    "To remediate <a href='http://www.symantec.com'>Click this link</a>",nil)) or
 (EVAL(endpoint.av["McAfeeAV"].exists,"EQ","true","string") and
  CheckAndMsg(EVAL(endpoint.av["McAfeeAV"].lastupdate,"GT","10000","integer"),
    "To remediate <a href='http://www.mcafee.com'>Click this link</a>",nil)))
Step 2  In that same Advanced field, click AND.
Step 3  In the Access Attributes section below, in the leftmost tab, Action, click Terminate.
Step 4  Connect from a PC that has Norton and McAfee antivirus programs with versions that are older than 1 1/2 days.
        The expected result is that the connection is not allowed and the message appears as a blinking ! point.
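To see what the expression above decides before deploying it, here is an added example that is not part of the Cisco manual: a small Lua harness in which EVAL and CheckAndMsg are stand-ins whose semantics are assumed from the ASA documentation, the endpoint table is constructed test data, and the page's second expression is evaluated unchanged.

```lua
-- Offline harness for the DAP expression above. Added example, not Cisco
-- code: EVAL and CheckAndMsg are stand-ins with assumed semantics, and
-- "endpoint" is constructed test data.
local messages = {}   -- what the ASA would show on the logon/portal page

-- Stand-in for EVAL(attribute, operator, value [, type]): returns true or
-- false. Type "integer" compares both sides as numbers, otherwise as strings.
-- An absent attribute satisfies only NE (assumption).
local function EVAL(attr, op, value, kind)
  if attr == nil then return op == "NE" end
  local a, b = tostring(attr), tostring(value)
  if kind == "integer" then
    a, b = tonumber(a), tonumber(b)
    if a == nil or b == nil then return op == "NE" end
  end
  if op == "EQ" then return a == b
  elseif op == "NE" then return a ~= b
  elseif op == "GT" then return a > b
  elseif op == "LT" then return a < b
  end
  error("unsupported operator: " .. tostring(op))
end

-- Stand-in for CheckAndMsg(condition, msg_if_true, msg_if_false): records the
-- applicable message (nil means "no message") and passes the condition through.
local function CheckAndMsg(cond, msg_true, msg_false)
  local msg
  if cond then msg = msg_true else msg = msg_false end
  if msg ~= nil then messages[#messages + 1] = msg end
  return cond
end

-- Constructed endpoint: McAfee installed with definitions 86400 s old, Norton
-- absent. Unknown products resolve to an empty table so that
-- endpoint.av["NortonAV"].exists is nil rather than an indexing error
-- (an assumption about how the ASA exposes endpoint data).
local endpoint = { av = { McAfeeAV = { exists = "true", lastupdate = "86400" } } }
setmetatable(endpoint.av, { __index = function() return {} end })

-- The page's expression, verbatim:
local terminate = ((EVAL(endpoint.av["NortonAV"].exists,"EQ","true","string") and
  CheckAndMsg(EVAL(endpoint.av["NortonAV"].lastupdate,"GT","10000","integer"),
    "To remediate <a href='http://www.symantec.com'>Click this link</a>",nil)) or
 (EVAL(endpoint.av["McAfeeAV"].exists,"EQ","true","string") and
  CheckAndMsg(EVAL(endpoint.av["McAfeeAV"].lastupdate,"GT","10000","integer"),
    "To remediate <a href='http://www.mcafee.com'>Click this link</a>",nil)))

-- With Action set to Terminate, a true result denies the session; the
-- collected messages are what the user sees behind the blinking "!".
print("terminate:", terminate)                       -- true (McAfee branch)
for _, m in ipairs(messages) do print("message:", m) end
```

Because each branch is guarded by an `exists` check joined with `and`, an endpoint with neither product installed makes the whole expression false and is allowed through; that is why the first example on this page checks for presence separately.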
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, Understanding VPN Access Policies, page 65-25