Configure advanced settings for DAP

This task allows you to configure selection criteria for DAP records using Lua scripts when the standard AAA AND endpoint attribute areas are insufficient for your requirements.

You can use the Advanced tab for adding selection criteria other than what is possible in the AAA AND endpoint attribute areas. For example, while you can configure the Firewall Threat Defense to use AAA attributes that satisfy any, all, OR none of the specified criteria, the endpoint attributes are cumulative, AND must satisfy all. To let the security appliance employ one endpoint attribute OR another, you must create appropriate logical expressions in Lua AND enter them here.

Procedure

Step 1

Choose Secure Connections > Dynamic Access Policy.

Step 2

Create or edit a DAP record.

Step 3

Click the Advanced tab.

Step 4

Select AND OR OR as the match criteria to use in the DAP configuration.

Step 5

Add the Lua script in the Lua script for advanced attribute matching field.

Step 6

To use the endpoint criteria ID in your Lua script:

  1. Place the cursor at the point where you want to insert the endpoint criteria ID.

  2. From the Endpoint Criteria drop-down list, choose the criteria a

  3. Choose the corresponding ID from the adjacent drop-down list.

Example:

In this example, DAPTESTFILE, LIBAGENT, vpnagent, AND DUOAGENT were inserted in the Lua script:

EVAL(endpoint.file["DAPTESTFILE"].exists,"EQ","true") or 
EVAL(endpoint.file["LIBAGENT"].exists,"EQ","true") and 
EVAL(endpoint.process[""vpnagent""].exists,"EQ","true") and 
EVAL(endpoint.registry[""DUOAGENT""].exists,"EQ","true")

Step 7

Click Save.