This chapter provides information on the Host Information features of GlobalProtect.
Where Can I Use This?
  - NGFW (managed by Panorama or Strata Cloud Manager)
  - Prisma Access (managed by Panorama or Strata Cloud Manager)
  - For Host Compliance Service: NGFW managed by Panorama

What Do I Need?
  - GlobalProtect Gateway license or Prisma Access license with the Mobile User subscription
  - For Host Compliance Service:
      - GlobalProtect Subscription License
      - GlobalProtect app 6.0 or later versions
      - PAN-OS 12.1.2 and later versions
      - Cloud Identity Engine
      - Device Certificate
Although you may have stringent security at your corporate network border, your network
is really only as secure as the endpoints that access it. With today's workforce
becoming more mobile and often requiring access to corporate resources from a variety of
locations (airports, coffee shops, hotels) and from a variety of endpoints, both
company-provisioned and personal, you must logically extend your network's security to
your endpoints to ensure comprehensive and consistent security enforcement. To enforce
security policy rules based on endpoint posture, you can configure either Host Information
Profiles (HIP) or the Host Compliance Service (HCS) for GlobalProtect:
The GlobalProtect Host Information Profile (HIP) feature enables you to collect
information about the security status of your endpoints, such as whether they have the
latest security patches and antivirus definitions installed, whether they have disk
encryption enabled, whether the endpoint is jailbroken or rooted, or whether it is
running specific software your organization requires, and to allow or deny access for a
specific host based on its adherence to the host policies you define.
(Starting from PAN-OS 12.1.2) The Host Compliance Service (HCS) for GlobalProtect
introduces a cloud-hosted, highly available service that centralizes endpoint posture
assessment, distribution, and security policy rule enforcement. HCS centralizes endpoint
security by processing full HIP reports in the cloud and distributing only the final
compliance data (verdicts) to subscribed products, such as NGFW deployments, for policy
rule enforcement, which eliminates redundant processing on each firewall.
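The following is an added illustration of the two ideas above, the HIP evaluation model (named posture checks grouped into profiles that an access decision keys on) and the HCS point that a full report is reduced once to a compact verdict that is all the enforcement point needs. It is example code written for this page, not Palo Alto Networks code: the report fields, the HIP object checks, the profile match semantics (all "require" objects match and no "forbid" object matches), the policy table and the helper names are assumptions chosen to mirror the checks the chapter lists; PAN-OS defines its own HIP object and HIP profile syntax.

```python
"""HIP-style endpoint posture evaluation (added example, not PAN-OS code).

Assumptions: report layout, object checks, profile semantics and the policy
table are all invented here to mirror the checks the chapter describes.
"""
from copy import deepcopy
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample HIP report, as an endpoint agent might submit it.
SAMPLE_REPORT = {
    "host": "laptop-01",
    "patch_management": {"missing_critical_patches": 0},
    "anti_malware": {"installed": True, "realtime": True, "definitions_age_days": 2},
    "disk_encryption": {"system_drive_encrypted": True},
    "jailbroken_or_rooted": False,
    "installed_software": ["Corp EDR Agent", "Office"],
}


@dataclass(frozen=True)
class HipObject:
    """One named posture check evaluated against a full report (assumed model)."""
    name: str
    check: Callable[[dict], bool]


@dataclass(frozen=True)
class HipProfile:
    """Matches when every 'require' object matches and no 'forbid' object matches."""
    name: str
    require: List[str]
    forbid: List[str]


# Assumed HIP objects covering the checks the chapter lists.
HIP_OBJECTS: Dict[str, HipObject] = {o.name: o for o in [
    HipObject("patched",
              lambda r: r["patch_management"]["missing_critical_patches"] == 0),
    HipObject("av-current",
              lambda r: r["anti_malware"]["installed"]
              and r["anti_malware"]["realtime"]
              and r["anti_malware"]["definitions_age_days"] <= 7),
    HipObject("disk-encrypted",
              lambda r: r["disk_encryption"]["system_drive_encrypted"]),
    HipObject("rooted", lambda r: r["jailbroken_or_rooted"]),
    HipObject("edr-present",
              lambda r: "Corp EDR Agent" in r["installed_software"]),
]}

HIP_PROFILES: List[HipProfile] = [
    HipProfile("corp-compliant",
               require=["patched", "av-current", "disk-encrypted", "edr-present"],
               forbid=["rooted"]),
    HipProfile("compromised-device", require=["rooted"], forbid=[]),
]

# Assumed policy table, evaluated top-down; hosts matching no rule get the default.
POLICY: List[Tuple[str, str]] = [
    ("corp-compliant", "allow"),
    ("compromised-device", "deny"),
]
DEFAULT_ACTION = "deny"
ALLOW_PROFILES = {name for name, action in POLICY if action == "allow"}


def evaluate_objects(report: dict) -> Dict[str, bool]:
    """Run every HIP object against the full report (the expensive step)."""
    return {name: bool(obj.check(report)) for name, obj in HIP_OBJECTS.items()}


def profile_matches(profile: HipProfile, results: Dict[str, bool]) -> bool:
    return (all(results[n] for n in profile.require)
            and not any(results[n] for n in profile.forbid))


def unmet_conditions(profile: HipProfile, results: Dict[str, bool]) -> List[str]:
    """Objects that kept a profile from matching, for remediation messaging."""
    return sorted([n for n in profile.require if not results[n]]
                  + [n for n in profile.forbid if results[n]])


def compliance_verdict(report: dict) -> dict:
    """Reduce a full report to the verdict data an enforcement point needs.

    Only profile match results (plus why an allow-profile failed) leave this
    function, which is the HCS idea of evaluating once and shipping verdicts.
    """
    results = evaluate_objects(report)
    matched = [p.name for p in HIP_PROFILES if profile_matches(p, results)]
    unmet = {p.name: unmet_conditions(p, results) for p in HIP_PROFILES
             if p.name in ALLOW_PROFILES and p.name not in matched}
    return {"host": report["host"], "matched_profiles": matched, "unmet": unmet}


def decide_access(verdict: dict) -> Tuple[str, Optional[str]]:
    """First policy rule whose profile the verdict matched wins."""
    for profile_name, action in POLICY:
        if profile_name in verdict["matched_profiles"]:
            return action, profile_name
    return DEFAULT_ACTION, None


def modified_report(report: dict, **changes) -> dict:
    """Deep copy of a report with top-level keys replaced (constructed variants)."""
    out = deepcopy(report)
    out.update(changes)
    return out


if __name__ == "__main__":
    for name, rep in [("clean", SAMPLE_REPORT),
                      ("stale-av", modified_report(SAMPLE_REPORT, anti_malware={
                          "installed": True, "realtime": True, "definitions_age_days": 30})),
                      ("rooted", modified_report(SAMPLE_REPORT, jailbroken_or_rooted=True))]:
        verdict = compliance_verdict(rep)
        print(name, verdict, decide_access(verdict))
```

The enforcement point never sees the raw report: it receives the small verdict dictionary and applies the policy table to it, so adding a second firewall adds no second evaluation. The "unmet" list exists only for allow-profiles, so a denied user can be told which condition (stale definitions, missing agent) to fix without the gateway re-running any check.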