
DAP LUA script for personal firewall enabled

potter-scott
Level 1

I am trying to implement a DAP that checks to see if personal firewall is enabled.  I am a little confused on the LUA script and on what the Access/Authorization Action should be set to.  Continue, Quarantine, or Terminate.  My goal is if not enabled do not allow connection.

 

assert(function()
    -- Match if any detected personal firewall reports enabled == "ok"
    for k,v in pairs(endpoint.pfw) do
        if (EVAL(v.enabled, "EQ", "ok", "string")) then
            return true
        end
    end
    return false
end)()

3 Replies

Josue Brenes
Cisco Employee

Hi Potter Scott,

The main purpose of having DAPs configured is to permit the connection based on some rules and if none is matched, just send the connections to the default DAP where we set the action to “Terminate”.

With this being said, you can set the action to “Continue” for this LUA and set the default DAP to “Terminate”. If the user is not compliant with the LUA’s DAP, the HS will continue to check for a match until it reaches the default, with action terminate.

Final result:

No personal firewall installed = connection goes to the default DAP with action to terminate, VPN connection will not connect. 

 

Rate if it helps.

 

Regards,

Josue Brenes

TAC - VPN Engineer.

I am assuming I would set to continue for AntiVirus check also with the script below.


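assert(function()
    -- Return false as soon as any antimalware product is reported as present
    for k,v in pairs(endpoint.am) do
        if (EVAL(v.exists, "EQ", "true", "string")) then
            return false
        end
    end
    -- No product found: return true and queue the message for the user
    return CheckAndMsg(true, "Please install antivirus software before connecting", nil)
end)()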

Yes, that is correct. 

 

Rate if it helps.

Regards,

Josue Brenes

TAC - VPN Engineer.
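
To see which endpoints each of the two scripts in this thread matches, the following added example (not code from the thread or from Cisco) runs both script bodies in a plain Lua interpreter against constructed endpoint tables. The EVAL and CheckAndMsg stubs, the function names, the `endpoint` parameter and the sample attribute values are assumptions made so the logic can run off the ASA.

```lua
-- Assumed stand-in for the ASA built-in EVAL: only the "EQ"/"string" case used in the thread.
local function EVAL(attr, op, value, kind)
  assert(op == "EQ" and kind == "string", "stub handles EQ/string only")
  return attr ~= nil and tostring(attr) == value
end

-- Assumed stand-in for CheckAndMsg: records the user message and returns its first argument.
local messages = {}
local function CheckAndMsg(value, msg_if_true, msg_if_false)
  local msg
  if value then msg = msg_if_true else msg = msg_if_false end
  if msg then messages[#messages + 1] = msg end
  return value
end

-- Body of the personal firewall script, with endpoint passed in (hypothetical wrapper name).
local function pfw_script(endpoint)
  for _, v in pairs(endpoint.pfw or {}) do
    if EVAL(v.enabled, "EQ", "ok", "string") then return true end
  end
  return false
end

-- Body of the antivirus script, with endpoint passed in (hypothetical wrapper name).
local function am_script(endpoint)
  for _, v in pairs(endpoint.am or {}) do
    if EVAL(v.exists, "EQ", "true", "string") then return false end
  end
  return CheckAndMsg(true, "Please install antivirus software before connecting", nil)
end

-- Constructed endpoint data; product keys and the "failed" value are made up for the demo.
local samples = {
  { name = "fw enabled, AV present",  pfw = { p1 = { enabled = "ok" } },     am = { a1 = { exists = "true" } } },
  { name = "fw disabled, AV present", pfw = { p1 = { enabled = "failed" } }, am = { a1 = { exists = "true" } } },
  { name = "no fw, no AV",            pfw = {},                              am = {} },
}

for _, ep in ipairs(samples) do
  print(string.format("%-24s firewall script: %-5s  antivirus script: %s",
    ep.name, tostring(pfw_script(ep)), tostring(am_script(ep))))
end
print("user messages queued: " .. #messages)
```

The firewall script returns true only for an endpoint with an enabled firewall, while the antivirus script returns true only for an endpoint with no antivirus product, so the two records match opposite compliance states.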