The GlobalProtect app collects host information and submits it to the GlobalProtect
gateway for policy enforcement based on matches against HIP objects and
profiles.
Using host information profiles for policy enforcement enables granular security that
ensures the remote hosts accessing your critical resources are adequately maintained and
adhere with your security standards before they are allowed access to your network
resources. For example, before allowing access to your most sensitive data systems, you
might want to ensure that the hosts accessing the data have encryption enabled on their
hard drives. You can enforce this policy by creating a security rule that only allows
access to the application if the endpoint system has encryption enabled. In addition,
for endpoints that are not in compliance with this rule, you could create a notification
message that alerts users as to why they have been denied access and links them to the
file share where they can access the installation program for the missing encryption
software (of course, to allow the user to access that file share you would have to
create a corresponding security rule allowing access to the particular share for hosts
with that specific HIP profile match).