Add a device endpoint attribute to a DAP record

Add device endpoint attributes to a DAP to control access based on specific device characteristics such as hostname, MAC address, BIOS serial number, or port configuration.

Device endpoint attributes allow you to create policies that evaluate device-specific criteria to determine access permissions. These attributes help enforce security policies based on device identity and configuration.

Before you begin

Follow these steps to add a device endpoint attribute to a DAP:

Procedure

Step 1

Choose Secure Connections > Dynamic Access Policy.

Step 2

Create or edit a DAP policy and a DAP record.

Step 3

Click the Endpoint Criteria tab and click Device.

Step 4

Select the Match criteria as All or Any.

Step 5

Click + to add application attributes.

In the Device dialog box, configure these parameters:

Select the = or operator to check the attribute to be equal to or not equal to the value you enter for these attributes:

  • Host Name—Hostname of the device. Use the computer's host name only, not the fully qualified domain name (FQDN).

  • MAC Address—MAC address of the network interface card you are testing for. The address must be in the format xxxx.xxxx.xxxx where x is a hexadecimal character.

  • BIOS Serial Number—BIOS serial number value of the device you are testing for. The number format is manufacturer-specific.

  • Port Number—Listening port number of the device.

  • Secure Desktop Version—Version of the Secure Firewall Posture image running on the endpoint.

  • OPSWAT Version—The OPSWAT client version.

  • Privacy Protection—None, Cache cleaner, Secure Desktop.

  • TCP/UDP Port Number—TCP or UDP port in the listening state.

Step 6

Click Save.