Create Host Compliance Object
Focus
Focus
GlobalProtect

Create Host Compliance Object

Table of Contents

Create Host Compliance Object

This section describes how to create host compliance object
Host Compliance Object (HCO) is a specific, granular security check that the firewall performs on a device trying to connect to your network. The GlobalProtect app installed on the endpoints collects this information and reports it back to the firewall. HCOs are not used directly in security policy rules. Instead, they are added to create HCPs, which are then applied to security policy rules.
You can create one or more HCOs that define the specific criteria for a compliant device (e.g., checking for specific software, patch levels, and so on).
  1. On the firewall(s) hosting GlobalProtect gateway(s), select ObjectsHost Compliance Objects and then Add a new HCO.
  2. Enter a Name and Description for the object.
  3. Define the specific host criteria you want to check by selecting:
    • Category: Select the type of check (e.g., Antivirus, Firewall, Patch Management).
    • Attribute: Define the specific detail to evaluate (e.g., Product Version, Last Scan Time).
    • Operator: Set the comparison logic (e.g., is, is not, contains, is greater than, less than, greater equal, and less equal).
    • Operating System: Choose the OS (e.g., Windows, macOS) and the version to check against.
    The operator of 'Within'/'Not Within' N versions is not supported for attribute 'Product Version' or 'Virus Definition Version' for Anti-Malware category.
  4. Click OK to create the HCO.
  5. Repeat these steps to create each additional HCO you require.
  6. Commit the changes.

Comparison of the HIP Objects and HCO Configurations

The following section compares the configurations of HIP objects and HCOs by category.
Host-Info
HIP Object (Host-Info)
HCO (Host-Info)
Network Info
HIP Object (Network Info)
HCO (Network Info)
Mobile Device
HIP Object (Mobile Device)
HCO (Mobile Device)
Patch Management
HIP Object (Patch Management)
HCO (Patch Management)
Firewall
HIP Object (Firewall)
HCO (Firewall)
Anti-Malware
HIP Object (Anti-Malware)
HCO (Anti-Malware)
Disk Backup
HIP Object (Disk Backup)
HCO (Disk Backup)
Disk Encryption
HIP Object (Disk Encryption)
HCO (Disk Encryption)
Data Loss Prevention
HIP Object (Data Loss Prevention)
HCO (Data Loss Prevention)
Certificate
HIP Object (Certificate)
HCO (Certificate)
Custom Checks (Key Registry)
HIP Object (Custom Checks (Key Registry))
HCO (Custom Checks (Key Registry))
Custom Checks (Plist)
HIP Object (Custom Checks (Plist))
HCO (Custom Checks (Plist))
Custom Checks (Process List)
HIP Object (Custom Checks (Process List))
HCO (Custom Checks (Process List))