Block Device Access
In the event that a user loses a device that provides GlobalProtect access to your network, that device is stolen, or a user leaves your organization, you can block the device from gaining access to the network by placing the device in a block list.
A block list is local to a logical network location (vsys1, for example) and can contain a maximum of 1,000 devices per location. You can therefore create a separate device block list for each location hosting a GlobalProtect deployment.
- Identify the host ID for the endpoints you want to block. The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by device type:
  - Windows—Machine GUID stored in the Windows registry (HKEY_Local_Machine\Software\Microsoft\Cryptography\MachineGuid)
  - macOS—MAC address of the first built-in physical network interface
  - Android—Android ID
  - Chrome—GlobalProtect-assigned unique alphanumeric string with a length of 32 characters
  If you do not know the host ID, you can correlate the user-ID to the host ID in the HIP Match logs:
  - Select Monitor > Logs > HIP Match.
  - Filter the HIP Match logs for the source user associated with the device.
  - Open the HIP Match log and identify the host ID under OS > Host ID and, optionally, the hostname under Host Information > Machine Name.
- Create a device block list. You cannot use Panorama templates to push a device block list to firewalls.
  - Select Network > GlobalProtect > Device Block List and Add a device block list.
  - Enter a descriptive Name for the list.
  - For a firewall with more than one virtual system (vsys), select the Location (vsys or Shared) where the profile is available.
- Add a device to the block list.
  - Add devices. Enter the host ID (required) and hostname (optional) for each device you need to block.
  - Add additional devices, if needed.
- Click OK to save and activate the block list. The device block list does not require a commit and is immediately active.
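As an added example (not code from this page or from PAN-OS), the following Python mirrors the workflow above: it correlates a source user to the host IDs seen in constructed HIP Match records, then builds a per-location block list that checks the host ID format for each platform and enforces the 1,000-device limit. The Windows GUID and Chrome formats follow the page; the colon-separated macOS MAC and the 16-hex-digit Android ID are assumptions, and all records are constructed.

```python
import re

# Host ID format per platform. Windows (registry MachineGuid) and Chrome
# (32 alphanumerics) follow the page; the macOS colon-separated MAC and the
# Android 16-hex-digit ID are assumptions about how the value is logged.
HOST_ID_PATTERNS = {
    "Windows": re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I),
    "macOS": re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", re.I),
    "Android": re.compile(r"[0-9a-f]{16}", re.I),
    "Chrome": re.compile(r"[A-Za-z0-9]{32}"),
}
MAX_DEVICES_PER_LOCATION = 1000  # per-location limit stated on the page

# Constructed HIP Match records (not real log output) carrying the fields
# the procedure reads: Source User, OS, Host ID and Machine Name.
HIP_MATCH_RECORDS = [
    {"user": "corp\\jdoe", "os": "Windows",
     "host_id": "3f2504e0-4f89-11d3-9a0c-0305e82c3301", "machine": "JDOE-LT"},
    {"user": "corp\\jdoe", "os": "Android",
     "host_id": "9774d56d682e549c", "machine": "jdoe-pixel"},
    {"user": "corp\\asmith", "os": "macOS",
     "host_id": "a4:83:e7:12:34:56", "machine": "asmith-mbp"},
]


def host_ids_for_user(records, user):
    """Return {host_id: (os, machine)} for every device a user connected from."""
    return {r["host_id"]: (r["os"], r["machine"])
            for r in records if r["user"].lower() == user.lower()}


class DeviceBlockList:
    """Block list local to one location (e.g. vsys1); active without a commit."""

    def __init__(self, name, location="vsys1"):
        self.name, self.location = name, location
        self.entries = {}  # host_id -> hostname (hostname is optional)

    def add(self, host_id, os_name, hostname=None):
        """Add one device; reject malformed host IDs and an over-full list."""
        pattern = HOST_ID_PATTERNS.get(os_name)
        if pattern is None or not pattern.fullmatch(host_id):
            raise ValueError(f"{host_id!r} is not a valid {os_name} host ID")
        if host_id not in self.entries and len(self.entries) >= MAX_DEVICES_PER_LOCATION:
            raise OverflowError(f"{self.location}: list already holds "
                                f"{MAX_DEVICES_PER_LOCATION} devices")
        self.entries[host_id] = hostname
        return len(self.entries)

    def block_user_devices(self, records, user):
        """Block every device seen for a departed user; returns host IDs added."""
        found = host_ids_for_user(records, user)
        for hid, (os_name, machine) in found.items():
            self.add(hid, os_name, machine)
        return sorted(found)
```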