Focus

Next-Generation Firewall

HIP Objects Mobile Device Tab

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

HIP Objects General Tab

HIP Objects Patch Management Tab

HIP Objects Mobile Device Tab

ObjectsGlobalProtectHIP Objects<hip-object>Mobile Device

Select the Mobile Device tab to enable HIP matching on data collected from mobile devices that run the GlobalProtect app.

To collect mobile device attributes and utilize them in HIP enforcement policies, GlobalProtect requires an MDM server. GlobalProtect currently supports HIP integration with the AirWatch MDM server.

HIP Object Mobile Device Settings	Description
Mobile Device	Select this option to enable filtering on host data collected from mobile devices that are running the GlobalProtect app and to enable the Device, Settings, and Apps tabs.
Device tab	Model—To match on a particular device model, choose an operator from the drop-down and enter a string to match. Tag—To match on tag value defined on the GlobalProtect Mobile Security Manager, choose an operator from the first drop-down and then select a tag from the second drop-down. Phone Number—To match on all or part of a device phone number, choose an operator from the drop-down and enter a string to match. IMEI—To match on all or part of a device International Mobile Equipment Identity (IMEI) number, choose an operator from the drop-down and enter a string to match.
Settings tab	Passcode—Filter based on whether the device has a passcode set. To match devices that have a passcode set, select Yes. To match devices that do not have a passcode set, select no. Rooted/Jailbroken—Filter based on whether the device has been rooted or jailbroken. To match devices that have been rooted or jailbroken, select Yes. To match devices that have not been rooted or jailbroken, select No. Disk Encryption—Filter based on whether the device data has been encrypted. To match devices that have disk encryption enabled, select yes. To match devices that do not have disk encryption enabled, select no. Time Since Last Check-in—Filter based on when the device last checked in with the MDM. Select an operator from the drop-down and then specify the number of days for the check-in window. For example, you could define the object to match devices that have not checked in within the last 5 days.
Apps tab	Apps—(`Android devices only`) Select this option to enable filtering based on the apps that are installed on the device and whether or not the device has any malware-infected apps installed. Criteria tab Has Malware—Select Yes to match devices that have malware-infected apps installed. Select No to match devices that do not have malware-infected apps installed. Select None to not use Has Malware as match criteria. Include tab Package—To match devices that have specific apps installed, Add an app and enter the unique app name in reverse DNS format. For example, com.netflix.mediaclient and then enter the corresponding app Hash, which the GlobalProtect app calculates and submits with the device HIP report.

HIP Objects General Tab

HIP Objects Patch Management Tab

Next-Generation Firewall Docs

HIP Objects Mobile Device Tab

Next-Generation Firewall Docs

HIP Objects Mobile Device Tab

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner