70-19
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Configuring Endpoint Attributes Used in DAPs
Figure 70-6 Add Endpoint Attributes Dialog Box
Adding an Anti-Spyware or Anti-Virus Endpoint Attribute to a DAP
Prerequisites
Configuring Anti-Spyware and Anti-Virus endpoint attributes as selection criteria for DAP records is
part of a larger process. Read Configuring Dynamic Access Policies, page 70-10 before you configure
Anti-Spyware and Anti-Virus endpoint attributes.
Guidelines
You can create multiple instances of each type of endpoint attribute. For each of these types, you need
to decide whether the DAP policy should require that the user have all instances of a type (Match all =
AND) or only one of them (Match Any = OR).
To set this value, after you have defined all instances of the endpoint attribute, click the Logical Op.
button and select the Match Any or Match All button. If you do not specify a Logical Operation, Match
Any is used by default.
Detailed Steps
Step 1 In the Endpoint Attribute Type list box, select Anti-Spyware or Anti-Virus.
Step 2 Click the appropriate Enabled, Disabled, or Not Installed button to indicate whether the selected
endpoint attribute and its accompanying qualifiers (fields below the Enabled/Disabled/Not Installed
buttons) must be enabled, disabled, or are not installed.
Step 3 From the Vendor ID list box, click the name of the anti-spyware or anti-virus vendor you are testing for.
Step 4 Check the Product Description check box and select from the list box the vendor’s product name you
are testing for.
Step 5 Check the Version checkbox and set the operation field to equal to (=), not equal (!=), less than (<),
greater than (>), less that or equal to (<=), or greater than or equal to (>=) the product version number
you select from ther Version list box.