cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1200
Views
0
Helpful
3
Replies

DAP LUA script for personal firewall enabled

potter-scott
Level 1
Level 1

2019-08-12_11h24_53.png

I am trying to implement a DAP that checks to see if personal firewall is enabled.  I am a little confused on the LUA script and on what the Access/Authorization Action should be set to.  Continue, Quarantine, or Terminate.  My goal is if not enabled do not allow connection.

 

assert(function()
for k,v in pairs(endpoint.pfw) do
if (EVAL(v.enabled, "EQ", "ok", "string")) then
return true
end
end
return false
end)()

3 Replies 3

Josue Brenes
Cisco Employee
Cisco Employee

Hi Potter Scott,

The main porpuse of having DAP’s configured is to permit the connection based on some rules and if none is matched, just send the connections to the default DAP where we set the action to “Terminate”.

With this being said, you can set the action to “Continue” for this LUA and set the default DAP to “Terminate”. If the user is not compliant of the LUA’s DAP, the HS will continue to check for a match until it reaches the default, with action terminate.

Final result:

No personal firewall installed = connection goes to the default DAP with action to terminate, VPN connection will not connect. 

 

Rate if it helps.

 

Regards,

Josue Brenes

TAC - VPN Engineer.

I am assuming I would set to continue for AntiVirus check also with the script below.


assert(function()
for k,v in pairs(endpoint.am) do
if (EVAL(v.exists, "EQ”, "true", "string")) then
return false
end
end
return CheckAndMsg(true, "Please install antivirus software before connecting", nil)
end)()

Yes, that is correct. 

 

Rate if it helps.

Regards,

Josue Brenes

TAC - VPN Engineer.

 
 
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: