One of the jobs of the GlobalProtect app is to collect
information about the host it is running on. The app then submits
this host information to the GlobalProtect gateway upon successful
connection. The gateway matches this raw host information submitted
by the app against any HIP objects and HIP profiles that you have
defined. If it finds a match, it generates an entry in the HIP Match
log. If a security policy rule references the matching HIP profile,
the gateway also enforces that rule for the session.
HIP checks are performed when the app connects to the gateway, and
subsequent checks are performed hourly while the GlobalProtect app
remains connected. If the host state changes between scheduled checks,
the app can submit an updated HIP report rather than waiting for the
next hourly check. The gateway retains only the latest HIP report for
each endpoint, so policy decisions always reflect the most recent
report, not the state at connection time.
Using host information profiles for policy enforcement enables
granular security that ensures the remote hosts accessing your critical
resources are adequately maintained and adhere to your security
standards before they are allowed access to your network resources.
For example, before allowing access to your most sensitive data
systems, you might want to ensure that the hosts accessing the data
have disk encryption enabled. You can enforce this policy by creating
a security rule that allows access to the application only if the
endpoint matches a HIP profile requiring disk encryption. For endpoints
that do not match that profile, you can also configure a HIP
notification message that tells users why they were denied access and
links them to the file share that holds the installer for the missing
encryption software. Note that the notification alone does not grant
access to the share: you must also create a corresponding security
rule that allows access to that particular share for hosts matching
the non-compliant HIP profile, otherwise the remediation link will be
blocked by the same policy that denied the sensitive application.
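The following is an added worked model of the evaluation and enforcement flow described above (raw host report → HIP objects → HIP profiles → HIP Match log → first-match security rule), including the disk-encryption example with its remediation share and notification, and the hourly recheck that replaces the endpoint's previous report. It is illustrative Python written for this page, not GlobalProtect or PAN-OS code. The shape of the host report (a plain dict), the HIP object, profile and rule names, the simplified profile syntax (an AND of required object results) and the share path are all assumed.

```python
"""Toy model of GlobalProtect HIP evaluation and HIP-based policy.

Added example, not PAN-OS code. Assumed: the report layout, the
object/profile/rule names, the simplified profile syntax, the share path.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# A HIP object is a named predicate over the raw host report.
# Assumed report layout:
#   {"disk_encryption": {"installed": bool, "locations": {"C:": "encrypted"}}}
HIP_OBJECTS: Dict[str, Callable[[dict], bool]] = {
    "disk-encrypted": lambda r: bool(
        r.get("disk_encryption", {}).get("installed", False)
        and r.get("disk_encryption", {}).get("locations", {}).get("C:") == "encrypted"
    ),
}

# A HIP profile is a boolean condition over HIP objects; simplified here to
# "every listed object must evaluate to the given value" (all AND-ed).
HIP_PROFILES: Dict[str, Dict[str, bool]] = {
    "compliant-encrypted": {"disk-encrypted": True},
    "missing-encryption": {"disk-encrypted": False},
}

# Per-profile message shown to the user when that profile matches.
HIP_NOTIFICATIONS: Dict[str, str] = {
    "missing-encryption": "Access denied: full-disk encryption is required. "
                          "Installer: \\\\files\\software\\encryption (assumed path)",
}


@dataclass(frozen=True)
class Rule:
    name: str
    destination: str            # "any" or a destination label
    hip_profile: Optional[str]  # None: rule does not depend on host state
    action: str                 # "allow" or "deny"


# First-match rulebase, evaluated top to bottom. The remediation share is
# reachable only for hosts matching the non-compliant profile.
RULEBASE: List[Rule] = [
    Rule("allow-sensitive-data", "sensitive-db", "compliant-encrypted", "allow"),
    Rule("allow-remediation-share", "software-share", "missing-encryption", "allow"),
    Rule("deny-all", "any", None, "deny"),
]


class Gateway:
    """Keeps only the latest HIP report per endpoint and logs profile matches."""

    def __init__(self) -> None:
        self.latest_report: Dict[str, dict] = {}
        self.hip_match_log: List[Tuple[str, str]] = []

    @staticmethod
    def matching_profiles(report: dict) -> List[str]:
        objects = {name: pred(report) for name, pred in HIP_OBJECTS.items()}
        return sorted(
            name for name, cond in HIP_PROFILES.items()
            if all(objects[obj] == want for obj, want in cond.items())
        )

    def submit_hip_report(self, endpoint: str, report: dict) -> List[str]:
        """Called on connect and on each recheck; the new report replaces the old."""
        self.latest_report[endpoint] = report
        matched = self.matching_profiles(report)
        self.hip_match_log.extend((endpoint, p) for p in matched)
        return matched

    def _profiles_for(self, endpoint: str) -> List[str]:
        report = self.latest_report.get(endpoint)
        return self.matching_profiles(report) if report is not None else []

    def decide(self, endpoint: str, destination: str) -> Rule:
        """First rule whose destination matches and whose HIP profile, if any,
        is matched by the endpoint's latest report."""
        profiles = self._profiles_for(endpoint)
        for rule in RULEBASE:
            if rule.destination not in ("any", destination):
                continue
            if rule.hip_profile is not None and rule.hip_profile not in profiles:
                continue
            return rule
        raise LookupError("no rule matched; keep a final deny-all")

    def notifications(self, endpoint: str) -> List[str]:
        return [HIP_NOTIFICATIONS[p] for p in self._profiles_for(endpoint)
                if p in HIP_NOTIFICATIONS]


def scenario() -> Dict[str, str]:
    """Constructed walk-through: a compliant laptop, a non-compliant one, and
    the compliant one rechecked after its disk encryption was switched off."""
    gw = Gateway()
    encrypted = {"disk_encryption": {"installed": True, "locations": {"C:": "encrypted"}}}
    plain = {"disk_encryption": {"installed": True, "locations": {"C:": "unencrypted"}}}
    gw.submit_hip_report("laptop-A", encrypted)
    gw.submit_hip_report("laptop-B", plain)
    out = {
        "A->sensitive-db": gw.decide("laptop-A", "sensitive-db").name,
        "A->software-share": gw.decide("laptop-A", "software-share").name,
        "B->sensitive-db": gw.decide("laptop-B", "sensitive-db").name,
        "B->software-share": gw.decide("laptop-B", "software-share").name,
        "B-notice": gw.notifications("laptop-B")[0],
    }
    # Hourly recheck: A's state changed, the new report replaces the old one,
    # and the unchanged rulebase now yields a different decision.
    gw.submit_hip_report("laptop-A", plain)
    out["A->sensitive-db (after recheck)"] = gw.decide("laptop-A", "sensitive-db").name
    out["hip-match-log-entries"] = str(len(gw.hip_match_log))
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The point the model makes explicit is the last part of the paragraph above: without the `allow-remediation-share` rule, a non-compliant host would fall through to `deny-all` for the share as well, and the notification would link to a resource the user cannot reach. Real HIP profiles use a richer match expression (and/or/not over object names) and the HIP Match log carries more fields; both are simplified here.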