One of the jobs of the GlobalProtect app is to collect information about the host it is running on. The app then submits this host information to the GlobalProtect gateway upon successful connection. The gateway matches this raw host information submitted by the app against any HIP objects and HIP profiles that you have defined. If it finds a match, it generates an entry in the HIP Match log. Additionally, if it finds a HIP profile match in a policy rule, it enforces the corresponding security policy.

HIP checks are performed when the app connects to the gateway and subsequent checks are performed hourly while the GlobalProtect agent is connected. The GlobalProtect agent can request an updated HIP report if the previous HIP check has changed. Only the latest HIP report is retained on the gateway per endpoint.

The following sections provide information about the use of host information in policy enforcement: