Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

65-25
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 65 Configuring Dynamic Access Policies
Understanding VPN Access Policies
endpoint.os.windows.hotfix["KB923414"] = "true";
Checking for Antivirus Programs
You can configure messages so that the end user is aware of, and able to fix, problems with antivirus
programs that are missing or not running. If access is denied, the adaptive security appliance collects all
messages for the DAP that caused the terminate condition and displays them in the browser on the logon
page. If access is allowed, the adaptive security appliance displays all messages generated during DAP
evaluation on the portal page.
The following example shows how to use this feature to check for the Norton Antivirus program.
Step 1 Copy and paste the following Lua expression into the Advanced field of the Add/Edit Dynamic Access
Policy pane (click the double arrow on the far right to expand the field).
(CheckAndMsg(EVAL(endpoint.av["NortonAV"].exists, "EQ", "false"),"Your Norton AV was found
but the active component of it was not enabled", nil) or
CheckAndMsg(EVAL(endpoint.av["NortonAV"].exists, "NE", "true"),"Norton AV was not found on
your computer", nil))
Step 2 In that same Advanced field, click the OR button.
Step 3 In the Access Attributes section below, in the leftmost tab, Action, click Terminate.
Step 4 Connect from a PC that does not have or has disabled Norton Antivirus.
The expected result is that the connection is not allowed and the message appears as a blinking exclamation point (!).
Step 5 Click the blinking ! to see the message.
Checking for Antivirus Programs and Definitions Older than 1 1/2 Days
This example checks for the presence of the Norton and McAfee antivirus programs, and whether their
virus definitions are older than 1 1/2 days. The lastupdate attribute is the number of seconds since the
definitions were last updated, so 1 1/2 days is 129,600 seconds. If the definitions are older than that, the
adaptive security appliance terminates the session with a message and a link for remediation. To
accomplish this task, perform the following steps.
Step 1 Copy and paste the following Lua expression into the Advanced field of the Add/Edit Dynamic Access
Policy pane (click the double arrow on the far right to expand the field):
((EVAL(endpoint.av["NortonAV"].exists,"EQ","true","string") and
CheckAndMsg(EVAL(endpoint.av["NortonAV"].lastupdate,"GT","129600","integer"),"To
remediate <a href='http://www.symantec.com'>Click this link</a>",nil)) or
(EVAL(endpoint.av["McAfeeAV"].exists,"EQ","true","string") and
CheckAndMsg(EVAL(endpoint.av["McAfeeAV"].lastupdate,"GT","129600","integer"),"To
remediate <a href='http://www.mcafee.com'>Click this link</a>",nil)))
Step 2 In that same Advanced field, click AND.
Step 3 In the Access Attributes section below, in the leftmost tab, Action, click Terminate.
Step 4 Connect from a PC that has the Norton and McAfee antivirus programs with virus definitions that are
older than 1 1/2 days.
The expected result is that the connection is not allowed and the message appears as a blinking exclamation point (!).
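The two Lua expressions above are easier to reason about when you can run them against sample endpoints. The following Python emulator is an added example, not Cisco code: it re-creates the DAP helpers EVAL() and CheckAndMsg() and the Terminate action, evaluates both policies from this page, and applies the message rule the text describes (denied: messages of the terminating DAP on the logon page; allowed: all messages on the portal page). The endpoint tables are constructed, not captured from an ASA; the threshold is 129,600 seconds (1 1/2 days); and the rule that an attribute the endpoint never reported is unequal to every literal and never ordered is an assumption made to reproduce the page's 'exists NE "true"' idiom.

```python
"""Offline emulator for the two DAP Lua expressions on this page (added example, not Cisco code)."""
from typing import Callable, Dict, List, Optional, Tuple

# 1 1/2 days in seconds, the unit of endpoint.av[...].lastupdate.
SECONDS_1_5_DAYS = 36 * 60 * 60  # 129600

AvTable = Dict[str, Dict[str, str]]  # stands in for endpoint.av[product][attribute]; values are strings


def EVAL(value: Optional[str], op: str, literal: str, typ: str = "string") -> bool:
    """Compare one endpoint attribute with a literal, as the DAP Lua EVAL() does."""
    if value is None:
        # Assumption: an attribute the endpoint did not report is unequal to every literal
        # and never ordered. This is what makes 'exists NE "true"' detect absence.
        return op == "NE"
    if typ == "integer":
        lhs, rhs = int(value), int(literal)
        return {"EQ": lhs == rhs, "NE": lhs != rhs, "GT": lhs > rhs, "LT": lhs < rhs}[op]
    return {"EQ": value == literal, "NE": value != literal}[op]


class Dap:
    """One dynamic access policy: its name, its Advanced-field expression and its action."""

    def __init__(self, name: str, expression: Callable[["Dap", AvTable], bool], action: str):
        self.name, self.expression, self.action = name, expression, action
        self.messages: List[str] = []

    def CheckAndMsg(self, cond: bool, msg_true: Optional[str], msg_false: Optional[str]) -> bool:
        """Record the message that applies to cond and pass cond through unchanged."""
        msg = msg_true if cond else msg_false
        if msg is not None:
            self.messages.append(msg)
        return cond


def norton_present(dap: Dap, av: AvTable) -> bool:
    """First expression on the page: true (terminate) when Norton AV is absent or not active."""
    n = av.get("NortonAV", {})
    return (dap.CheckAndMsg(EVAL(n.get("exists"), "EQ", "false"),
                            "Your Norton AV was found but the active component of it was not enabled", None)
            or dap.CheckAndMsg(EVAL(n.get("exists"), "NE", "true"),
                               "Norton AV was not found on your computer", None))


def definitions_fresh(dap: Dap, av: AvTable) -> bool:
    """Second expression on the page: true (terminate) when Norton or McAfee is present but stale."""
    def stale(product: str, url: str) -> bool:
        p = av.get(product, {})
        # Lua 'and' short-circuits: the age check only runs when the product exists,
        # so an endpoint with no antivirus at all never triggers this policy.
        return (EVAL(p.get("exists"), "EQ", "true", "string") and
                dap.CheckAndMsg(EVAL(p.get("lastupdate"), "GT", str(SECONDS_1_5_DAYS), "integer"),
                                f"To remediate <a href='{url}'>Click this link</a>", None))
    return stale("NortonAV", "http://www.symantec.com") or stale("McAfeeAV", "http://www.mcafee.com")


def evaluate(av: AvTable) -> Tuple[bool, List[str]]:
    """Evaluate both DAPs; return (access allowed, messages shown to the user)."""
    daps = [Dap("check-av-present", norton_present, "terminate"),
            Dap("check-av-definitions", definitions_fresh, "terminate")]
    terminating = [d for d in daps if d.expression(d, av) and d.action == "terminate"]
    if terminating:
        # Denied: only the messages of the DAP(s) that caused the terminate go to the logon page.
        return False, [m for d in terminating for m in d.messages]
    # Allowed: every message generated during evaluation goes to the portal page.
    return True, [m for d in daps for m in d.messages]


# Constructed endpoints (not captured from a real ASA).
FRESH_NORTON: AvTable = {"NortonAV": {"exists": "true", "lastupdate": "3600"}}
STALE_NORTON: AvTable = {"NortonAV": {"exists": "true", "lastupdate": "200000"}}
STALE_MCAFEE_ONLY: AvTable = {"McAfeeAV": {"exists": "true", "lastupdate": "200000"}}
NO_AV: AvTable = {}

if __name__ == "__main__":
    for label, ep in [("fresh Norton", FRESH_NORTON), ("stale Norton", STALE_NORTON),
                      ("stale McAfee only", STALE_MCAFEE_ONLY), ("no AV", NO_AV)]:
        print(label, evaluate(ep))
```

The definitions policy on its own is a good illustration of why the page pairs it with the presence check: because each branch is guarded by an exists test, an endpoint that reports no antivirus product at all evaluates to false and is not terminated by that policy, so the presence policy is what closes the gap.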