GlobalProtect
Create Host Compliance Profile with Host Compliance Objects
Table of Contents
Create Host Compliance Profile with Host Compliance Objects
This section will provide information on how to create host compliance profile with
host compliance objects.
You can create a HCP that you plan to use in your security policy rules by adding
existing HCOs that you have created for your endpoints. The HCP then acts as a
matching condition within your security policy rules.
HCP uses one or more HCOs to define a security checklist for your firewall. When a
device connects, the firewall performs a HIP match to verify the device meets all
the criteria defined in the HCP.
Based on this information, the firewall automatically enforces security rules to
allow or deny access to the GlobalProtect user, ensuring that only compliant
endpoints can connect.
When a traffic flow is evaluated against a security policy, it is checked against the
Host Compliance Profile:
- If there is a match: The corresponding security policy rule is enforced.
- If there is no match: The flow is evaluated against the next rule in sequence, as with any other security policy matching criteria.
To configure a HCP:
- On the firewall(s) hosting GlobalProtect gateway(s), select and then Add the HCO that you have created.
![]()
Enter a Name and Description to identify the HCP.Click Add Match Criteria to open the Host Compliance Object/Profiles Builder and add the required match criteria for the profile. If you want the HCP to evaluate the object as a match only when the criteria in the object is not true for a flow, select the NOT check box before adding the object.Continue adding match criteria for the profile that you are creating. Make sure to select the appropriate radio button (AND or OR) between each addition (and, again, using the NOT check box when appropriate.After you add all your match criteria, click OK to save the profile.Repeat these steps to create each additional HCP you require. The maximum number of HCPs supported is 127. This is the maximum number of HCPs you can add to a security policy.Commit the changes.
