Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15093
Views
0
Helpful
2
Replies

ASA VPN and anti-virus / firewall checking

Go to solution
bberry
Level 1
Level 1

‎08-26-2010 06:28 AM

Does the ASA VPN or ASA Any Connect have the ability to check for anti-virus and/or firewall stuff from the connecting endpoint? I know there was limited support with the dedicated VPN concentrators such as the 3020 but need to know if this support is in the ASA and if so to what extent. I am having limited success in finding this out from teh configuration guides and examples on CCO.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tom mullen
Level 1
Level 1

‎04-18-2014 02:54 PM

For Cisco ASA and ISE products capable of performing a registry/process check on the endpoint device, you can use a solution from OPSWAT called GEARS.  GEARS will check and report on the compliance of endpoints with respect to:

1) applications designed to protect it such as antivirus, personal firewalls, antiphishing, hard disk encryption, patch management, etc.

2) potentially unwanted applications such as public file sharing

3) whether or not the endpoint is infected with malware

GEARS can be configured to take remediation actions such as:

1) enabling a disabled firewall or antivirus application

2) disabling an unwanted application such as public file sharing

A HowTo Guide providing step-by-step instructions for ASA and ISE administrators to configure a registry/process check to read GEARS compliance information is posted at https://gears.opswat.com/integration/secure-access

View solution in original post

Preview file
392 KB
0 Helpful
2 Replies 2

Go to solution
Atri Basu
Cisco Employee
Cisco Employee

‎08-26-2010 06:37 AM

Hey,

Yes the solution you are looking for is Dynamic Access Policies aka DAP. You will find all relevant information regarding DAP deployment at the following link:

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Hope that helps.

Regards,

Atri

0 Helpful

Go to solution
tom mullen
Level 1
Level 1

‎04-18-2014 02:54 PM

For Cisco ASA and ISE products capable of performing a registry/process check on the endpoint device, you can use a solution from OPSWAT called GEARS.  GEARS will check and report on the compliance of endpoints with respect to:

1) applications designed to protect it such as antivirus, personal firewalls, antiphishing, hard disk encryption, patch management, etc.

2) potentially unwanted applications such as public file sharing

3) whether or not the endpoint is infected with malware

GEARS can be configured to take remediation actions such as:

1) enabling a disabled firewall or antivirus application

2) disabling an unwanted application such as public file sharing

A HowTo Guide providing step-by-step instructions for ASA and ISE administrators to configure a registry/process check to read GEARS compliance information is posted at https://gears.opswat.com/integration/secure-access

Preview file
392 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents