The Clean Access Agent can automatically detect numerous AV products and has built-in rules for AV definition update and installation.
As far as patch management is concerned, with Clean Access you can leverage the functionality of third-party vendors by using various custom checks.
For example, if you have BigFix as a patch management solution, you can do checks to make sure that the software is installed on the client and currently running. If it is not, you will then be able to have the end user self-remediate using a link or file type requirement.
Many patch management/software distribution clients can then take inventory of the system. If it is missing a requirement, the client can then tell the server to push the required software. Once that is finished, the CCA agent can check and confirm compliance and bounce the switch port to the Access VLAN.
But for remediation purposes, the affected client PC has to move via the core network, as the remediation servers will be placed in the internal segment. In this case the affected PC will travel through my network and can damage my security policy...
Let me make it clear to you:
1. My AV & PM servers are located in the server zone, which is connected to the core switch.
2. If I implement NAC and any outside user with non-updated AV on his/her PC tries to log in, then the CAS will find it non-compliant and will send it to the remediation zone, which is basically a server zone where all AV, PM & remediation servers are located.
3. I want that any affected PC, say with non-updated AV, will not travel through my network. They will get a URL and click on it, which in turn will talk to the AV server, get the latest updates and push them to the end user.
When your users are authenticated but still in the dirty VLAN because they do not meet compliance with network policy, they are given temporary access to remediate. You can create filter rules to only allow certain IPs and ports to access the server zone.
So if your AV client needs updating, find the appropriate IP:port and create a rule to allow that type of traffic while blocking the rest. NACA does support a lot of anti-virus vendors, and many times the CCA can talk to the AV client directly in order to update.
Check out the CAM configuration guide filter setup and checks.
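
The filter approach in the reply above, modeled in Python as an added example that is not part of the original thread and is not Clean Access configuration syntax. The rule format, addresses and ports are constructed placeholders; the model evaluates rules first-match with default block and flags allow rules that open more than a single IP:port.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "block"
    dest: str    # destination network in CIDR form
    proto: str   # "tcp", "udp" or "any"
    port: int    # destination port, 0 means any port


# Constructed policy for the temporary (dirty VLAN) role.
# Every address and port below is a placeholder, not a value from the thread.
TEMP_ROLE_RULES = [
    Rule("allow", "10.10.20.15/32", "tcp", 8014),   # hypothetical AV update server
    Rule("allow", "10.10.20.16/32", "tcp", 52311),  # hypothetical patch-management server
    Rule("allow", "10.10.20.2/32", "udp", 53),      # hypothetical DNS resolver
    Rule("block", "0.0.0.0/0", "any", 0),           # explicit block for everything else
]


def decide(rules, dst_ip, proto, port):
    """Return the action of the first matching rule; no match means block."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (addr in ipaddress.ip_network(r.dest)
                and r.proto in ("any", proto)
                and r.port in (0, port)):
            return r.action
    return "block"


def overbroad(rules, max_hosts=1):
    """List allow rules that cover more than max_hosts addresses,
    every port, or every protocol."""
    return [r for r in rules
            if r.action == "allow"
            and (ipaddress.ip_network(r.dest).num_addresses > max_hosts
                 or r.port == 0
                 or r.proto == "any")]


if __name__ == "__main__":
    # Constructed flows from a non-compliant client in the dirty VLAN.
    for flow in [("10.10.20.15", "tcp", 8014),   # AV update
                 ("10.10.20.15", "tcp", 445),    # same server, other service
                 ("10.10.20.30", "tcp", 8014)]:  # other host in the server zone
        print(flow, decide(TEMP_ROLE_RULES, *flow))
    print("over-broad allow rules:", overbroad(TEMP_ROLE_RULES))
```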