Focus

GlobalProtect

Create Host Compliance Object

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Select a Document
- 10.1 & Later
- 9.1 (EoL)
User Guide
Select a Document
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
New Feature
Select a Document
- 6.1
- 6.0
- 5.1
Release Notes
Select a Document
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1

Configure Host Compliance Services-based Security Policy

Create Host Compliance Profile with Host Compliance Objects

Create Host Compliance Object

This section describes how to create host compliance object

Host Compliance Object (HCO) is a specific, granular security check that the firewall performs on a device trying to connect to your network. The GlobalProtect app installed on the endpoints collects this information and reports it back to the firewall. HCOs are not used directly in security policy rules. Instead, they are added to create HCPs, which are then applied to security policy rules.

You can create one or more HCOs that define the specific criteria for a compliant device (e.g., checking for specific software, patch levels, and so on).

On the firewall(s) hosting GlobalProtect gateway(s), select ObjectsHost Compliance Objects and then Add a new HCO.
Enter a Name and Description for the object.
Define the specific host criteria you want to check by selecting:
- Category: Select the type of check (e.g., Antivirus, Firewall, Patch Management).
- Attribute: Define the specific detail to evaluate (e.g., Product Version, Last Scan Time).
- Operator: Set the comparison logic (e.g., is, is not, contains, is greater than, less than, greater equal, and less equal).
- Operating System: Choose the OS (e.g., Windows, macOS) and the version to check against.
The operator of 'Within'/'Not Within' N versions is not supported for attribute 'Product Version' or 'Virus Definition Version' for Anti-Malware category.
Click OK to create the HCO.
Repeat these steps to create each additional HCO you require.
Commit the changes.

Comparison of the HIP Objects and HCO Configurations

The following section compares the configurations of HIP objects and HCOs by category.

Host-Info

HIP Object (Host-Info)

HCO (Host-Info)

Network Info

HIP Object (Network Info)

HCO (Network Info)

Mobile Device

HIP Object (Mobile Device)

HCO (Mobile Device)

Patch Management

HIP Object (Patch Management)

HCO (Patch Management)

Firewall

HIP Object (Firewall)

HCO (Firewall)

Anti-Malware

HIP Object (Anti-Malware)

HCO (Anti-Malware)

Disk Backup

HIP Object (Disk Backup)

HCO (Disk Backup)

Disk Encryption

HIP Object (Disk Encryption)

HCO (Disk Encryption)

Data Loss Prevention

HIP Object (Data Loss Prevention)

HCO (Data Loss Prevention)

Certificate

HIP Object (Certificate)

HCO (Certificate)

Custom Checks (Key Registry)

HIP Object (Custom Checks (Key Registry))

HCO (Custom Checks (Key Registry))

Custom Checks (Plist)

HIP Object (Custom Checks (Plist))

HCO (Custom Checks (Plist))

Custom Checks (Process List)

HIP Object (Custom Checks (Process List))

HCO (Custom Checks (Process List))

Configure Host Compliance Services-based Security Policy

Create Host Compliance Profile with Host Compliance Objects

GlobalProtect Docs

Create Host Compliance Object

GlobalProtect Docs

Create Host Compliance Object

Comparison of the HIP Objects and HCO Configurations

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner

Translated Documents