LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

September 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS September 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: AntiVirus Enforcement
From:	Mike Diggins <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Tue, 8 Sep 2009 11:06:56 -0400
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (70 lines)

Have a look at the 'Configuring Agent Requirements' section of the manual.
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_agent.html
Create a new AV rule and use ANY as the Antivirus vendor.

You might need an CCO id to view that page.

-Mike


On Tue, 8 Sep 2009, Pete Boynton wrote:

> Mike,
>
> Thanks for information. So if I understood what you said all I need are two rules to do what I want:
>
> Rule 1: Check and see if they have ANY of the 79 AV products are installed
> Rule 2. Check and see if the supported AV product is up to date
>
> Does that seem correct to you?
>
> The documentation I am finding on Cisco's site doesn't seem very up to date and is a bit confusing. Have you seen anything out there that might help me get started??
>
> Thanks,
>
> Pete
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Mike Diggins
> Sent: Tuesday, September 08, 2009 10:34 AM
> To: [log in to unmask]
> Subject: Re: AntiVirus Enforcement
>
> On Tue, 8 Sep 2009, Pete Boynton wrote:
>
>> Hello,
>>
>> I am getting ready to deploy a CAS in-band for VPN users coming into our
>> network. I had a few questions about antivirus that I can't seem to get
>> answered searching Google.
>>
>>
>> 1.  Can I create a requirement that will check to see if clients have
>> ANY of the 79 antivirus supported installed and up to date? Or
>>
>>
>> 2.  Do I need to create separate requirements for all 79 antivirus
>> products?
>
> Short answer but NO, you can use one rule to allow any of the supported AV
> products. You can also configure a single rule that only allows the AV
> product to be out-of-date by a configurable number of days.
>
>
>> 3.  Most of my clients use AVG. How is support for AVG and NAC?
>
> The latest Agents support all current versions of AVG. It does take Cisco
> time to catch up to new releases though. That goes for most of the AV
> products. Usually an Agent update is required.
>
>
> -Mike
>


             _________________________________________

Mike Diggins       			Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.522.0511
University Technology Services 		E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU