Host Information
Focus
Focus
GlobalProtect

Host Information

Table of Contents

Host Information

This chapter provides information on Host Information features on GlobalProtect
Although you may have stringent security at your corporate network border, your network is really only as secure as the endpoints that are accessing it. With today’s workforce becoming more mobile and often requiring access to corporate resources from a variety of locations—airports, coffee shops, hotels—and from a variety of endpoints—both company-provisioned and personal—you must logically extend your network’s security to your endpoints to ensure comprehensive and consistent security enforcement. To enforce security policy rule, you can configure either Host Information Profiles (HIP) or Host Compliance Service (HCS) for GlobalProtect:
  • The GlobalProtect Host Information Profile (HIP) feature enables you to collect information about the security status of your endpoints—such as whether they have the latest security patches and antivirus definitions installed, whether they have disk encryption enabled, whether the endpoint is jailbroken or rooted, or whether it is running specific software you require within your organization—and base the decision as to whether to allow or deny access to a specific host based on adherence to the host policies you define.
  • (Starting from PAN-OS 12.1.2)The Host Compliance Service (HCS) for GlobalProtect introduces a cloud-hosted, highly available service that centralizes endpoint posture assessment, distribution, and security policy rule enforcement. The HCS centralizes endpoint security by processing full HIP reports in the cloud and distributing only the final compliance data or verdicts to subscribed products like NGFW deployments for policy rule enforcement, which eliminates redundant processing on each firewall.