Subject: | |
From: | |
Reply To: | |
Date: | Tue, 8 Sep 2009 11:06:56 -0400 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
Have a look at the 'Configuring Agent Requirements' section of the manual.
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_agent.html
Create a new AV rule and use ANY as the Antivirus vendor.
You might need an CCO id to view that page.
-Mike
On Tue, 8 Sep 2009, Pete Boynton wrote:
> Mike,
>
> Thanks for information. So if I understood what you said all I need are two rules to do what I want:
>
> Rule 1: Check and see if they have ANY of the 79 AV products are installed
> Rule 2. Check and see if the supported AV product is up to date
>
> Does that seem correct to you?
>
> The documentation I am finding on Cisco's site doesn't seem very up to date and is a bit confusing. Have you seen anything out there that might help me get started??
>
> Thanks,
>
> Pete
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Mike Diggins
> Sent: Tuesday, September 08, 2009 10:34 AM
> To: [log in to unmask]
> Subject: Re: AntiVirus Enforcement
>
> On Tue, 8 Sep 2009, Pete Boynton wrote:
>
>> Hello,
>>
>> I am getting ready to deploy a CAS in-band for VPN users coming into our
>> network. I had a few questions about antivirus that I can't seem to get
>> answered searching Google.
>>
>>
>> 1. Can I create a requirement that will check to see if clients have
>> ANY of the 79 antivirus supported installed and up to date? Or
>>
>>
>> 2. Do I need to create separate requirements for all 79 antivirus
>> products?
>
> Short answer but NO, you can use one rule to allow any of the supported AV
> products. You can also configure a single rule that only allows the AV
> product to be out-of-date by a configurable number of days.
>
>
>> 3. Most of my clients use AVG. How is support for AVG and NAC?
>
> The latest Agents support all current versions of AVG. It does take Cisco
> time to catch up to new releases though. That goes for most of the AV
> products. Usually an Agent update is required.
>
>
> -Mike
>
_________________________________________
Mike Diggins Voice: 905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks FAX: 905.522.0511
University Technology Services E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario
|
|
|