This provides release information about the Host Compliance Service feature for
GlobalProtect.

The Host Compliance Service (HCS) for GlobalProtect introduces a cloud-hosted,
highly available service that centralizes
endpoint posture assessment, distribution, and security policy rule enforcement to
address the challenges of delayed host information updates and scalability issues in
large-scale deployments.

The HCS centralizes endpoint security posture by processing full HIP reports in the
cloud and distributing only the final compliance data or verdicts to subscribed
products like NGFW deployments for security policy rule enforcement, which
eliminates redundant processing on each firewall.

The GlobalProtect app continues to send HIP reports to GlobalProtect gateways, but
the gateways now send these reports to the cloud-hosted HCS, if the HCS is enabled.
The HCS processes these HIP reports in the cloud, evaluates them against your
defined security policies, converts them into compliance verdicts, and sends the
verdicts to the next-generation firewall for security policy rule enforcement.

By centralizing host information processing in the cloud, the HCS delivers the
following key advantages:
- Simplified configuration of host compliance objects and host compliance
profiles.
- Improved scalability and cost-effectiveness for HIP redistribution,
eliminating the need for additional on-premises infrastructure.