Configure endpoint attribute selection criteria in DAP

Endpoint attributes contain information about the endpoint system environment, posture assessment results, and applications. A Firewall Threat Defense device dynamically generates a collection of endpoint attributes during session establishment and stores these attributes in a database that is associated with the session. Each DAP record specifies the endpoint selection attributes that must be satisfied for the Firewall Threat Defense device to choose it for a session. The Firewall Threat Defense device selects only DAP records that satisfy every condition configured.

Note

When you use remote access VPN with DAP or Secure Firewall Posture (formerly HostScan) and change of authorization (CoA), endpoint attribute checks differ between initial authentication and CoA-triggered authorization.

Procedure


Step 1

Choose Secure Connections > Dynamic Access Policy, and click Create Dynamic Access Policy.

Step 2

Create or edit a DAP record.

Step 3

Click Endpoint Criteria and configure attributes such as anti-malware, device, Secure Client, NAC, application, personal firewall, operating system, process, registry, file, and certificate authentication.

Note

You can create multiple instances of each type of endpoint attribute. There is no limit on the number of endpoint attributes for each DAP record.

Step 4

Click Save.