Configure Advanced Settings for DAP

You can use the Advanced tab for adding selection criteria other than what is possible in the AAA and endpoint attribute areas. For example, while you can configure the threat defense to use AAA attributes that satisfy any, all, or none of the specified criteria, the endpoint attributes are cumulative, and must satisfy all. To let the security appliance employ one endpoint attribute or another, you must create appropriate logical expressions in Lua and enter them here.

Procedure


Step 1

Choose Devices > Dynamic Access Policy.

Step 2

Edit a DAP policy and then edit a DAP record.

Note

Create a DAP policy and DAP record if not done already.

Step 3

Click the Advanced tab.

Step 4

Select AND or OR as the match criteria to use in the DAP configuration.

Step 5

Add the Lua script in the Lua script for advanced attribute matching field.

Step 6

To use the endpoint criteria ID in your Lua script:

  1. Place the cursor at the point where you want to insert the endpoint criteria ID.

  2. From the Endpoint Criteria drop-down list, choose the criteria a

  3. Choose the corresponding ID from the adjacent drop-down list.

Example:

In the following example, DAPTESTFILE, LIBAGENT, vpnagent, and DUOAGENT were inserted in the Lua script:

EVAL(endpoint.file["DAPTESTFILE"].exists,"EQ","true") or 
EVAL(endpoint.file["LIBAGENT"].exists,"EQ","true") and 
EVAL(endpoint.process[""vpnagent""].exists,"EQ","true") and 
EVAL(endpoint.registry[""DUOAGENT""].exists,"EQ","true")

Step 7

Click Save.