31-32
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Add/Edit DAP Entry Dialog Box > Personal Firewall
You can click Host Scan in the Cisco Secure Desktop interface to enable Endpoint Assessment, a scan
for personal firewalls that are running on the remote computer. Most, but not all, personal firewall
programs support active scan, which means that the programs are memory-resident, and therefore always
running.
Note: Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it since all selection criteria are satisfied.
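The selection behaviour in the note above, as an added example (not code from Cisco Security Manager or the ASA): a simplified Python model that evaluates the three Personal Firewall Type options as this page's field reference words them and flags policies with no criteria. The record fields, the vendor name, the all-criteria-must-match rule and the definition of a duplicate are assumptions made for the illustration.

```python
# Simplified model of DAP selection. Added example: the record layout
# (name / criteria / vendor / type) is hypothetical, not an ASA or CSM format.

def firewall_matches(criterion, endpoint_firewalls):
    """endpoint_firewalls maps vendor name -> True (enabled) / False (disabled)."""
    vendor, kind = criterion["vendor"], criterion["type"]
    installed = vendor in endpoint_firewalls
    if kind == "Not Installed":
        return not installed
    if kind == "Installed and enabled":
        return installed and endpoint_firewalls[vendor]
    if kind == "Installed and disabled":
        # As the field reference words it: presence alone is sufficient.
        return installed
    raise ValueError(f"unknown Type: {kind!r}")

def policy_selected(policy, endpoint_firewalls):
    """Assumption: a policy is selected when every criterion matches."""
    # all() over an empty list is True, so a policy with no criteria
    # is selected for every endpoint.
    return all(firewall_matches(c, endpoint_firewalls) for c in policy["criteria"])

def audit(policies):
    """Return (names of catch-all policies, names with duplicate entries)."""
    catch_all, duplicates = [], []
    for policy in policies:
        if not policy["criteria"]:
            catch_all.append(policy["name"])
        # Assumption: a duplicate is the same vendor and Type listed twice.
        keys = [(c["vendor"], c["type"]) for c in policy["criteria"]]
        if len(keys) != len(set(keys)):
            duplicates.append(policy["name"])
    return catch_all, duplicates

# Constructed sample data; "ExampleFW" is a placeholder vendor name.
POLICIES = [
    {"name": "fw-required",
     "criteria": [{"vendor": "ExampleFW", "type": "Installed and enabled"}]},
    {"name": "no-fw",
     "criteria": [{"vendor": "ExampleFW", "type": "Not Installed"}]},
    {"name": "empty", "criteria": []},
]
ENDPOINT = {"ExampleFW": False}  # firewall installed but disabled

if __name__ == "__main__":
    for p in POLICIES:
        print(p["name"], policy_selected(p, ENDPOINT))
    print(audit(POLICIES))
```

Running the audit before deployment surfaces any policy that would be selected for every session regardless of endpoint posture.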
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select AAA Attributes Cisco as the Criterion.
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page 31-7
Configuring Dynamic Access Policies, page 31-2
Table 31-16 Add/Edit DAP Entry Dialog Box > Operating System (Continued)

Element        Description
OS Version     Select the check box, then select the matching criteria (for example, is)
               from the drop-down list, and select the OS version from the list. Select
               Apple Plugin for iPhones and similar devices.
Service Pack   Select the check box, then select the matching criteria (for example, is)
               from the drop-down list, and select the service pack for the operating
               system.

Field Reference

Table 31-17 Add/Edit DAP Entry Dialog Box > Personal Firewall

Element        Description
Criterion      Shows Personal Firewall as the selection criterion.
Type           Select one of the following options and assign the associated values:
               - Not Installed—Select if the absence of the named personal
                 firewall from the remote PC is sufficient to match the prelogin
                 policy you are configuring.
               - Installed and enabled—Select if the named personal firewall must
                 be present and enabled on the remote PC to match the prelogin
                 policy you are configuring.
               - Installed and disabled—Select if the mere presence of the named
                 personal firewall on the remote PC is sufficient to match the
                 prelogin policy you are configuring.
Vendor Name    Select the text that describes the application vendor from the list.