Although you may have stringent security at your corporate network border, your network is really only as secure as the end devices that are accessing it. With today’s workforce becoming more and more mobile, often requiring access to corporate resources from a variety of locations—airports, coffee shops, hotels—and from a variety of devices—both company-provisioned and personal—you must logically extend your network’s security out to your endpoints to ensure comprehensive and consistent security enforcement. The GlobalProtect™ Host Information Profile (HIP) feature enables you to collect information about the security status of your end hosts—such as whether they have the latest security patches and antivirus definitions installed, whether they have disk encryption enabled, whether the device is jailbroken or rooted (mobile devices only), or whether it is running specific software you require within your organization, including custom applications—and base the decision as to whether to allow or deny access to a specific host based on adherence to the host policies you define.

The following topics provide information about the use of host information in policy enforcement. It includes the following sections: