You are here
SEC0410 - Firepower 7.0 AnyConnect VPN Dynamic Access Policy (DAP) (Part 1)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video walks you through configuration of Dynamic Access Policy (DAP) for Cisco Secure Client (AnyConnect) on Cisco Firepower 7.0. Our scenarios includes using DAP to identify VPN client type and its posture status and enforce appropriate level of remote access. We will then look at an advance use of LUA script to detect install certificate on a VPN client. DAP is a Firepower self-contain alternative to Cisco ISE posture agent.
Part 1 of this video covers basic DAP setup and default policy
Topic:
- Hostscan
- Dynamic Access Policy (DAP) Setup
-
VPN Client Type Detection
- Connection Profile
- Registry Key
-
VPN Client Posture Check
- Anti-Malware
- Firewall
- Process
- Installed Certificate Detection
- LUA Script
- DAP Configuration File
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.