Block Device Access
In the event that a user loses a device that provides GlobalProtect access to your network, that device is stolen, or a user leaves your organization, you can block the device from gaining access to the network by placing the device in a block list.
A block list is local to a logical network location (vsys1, for example) and can contain a maximum of 1,000 devices per location. Therefore, you can create separate device block lists for each location hosting a GlobalProtect deployment.
- Identify the host ID for the endpoints you want to block. The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by device type:
  - Windows: Machine GUID stored in the Windows registry (HKEY_Local_Machine\Software\Microsoft\Cryptography\MachineGuid)
  - macOS: MAC address of the first built-in physical network interface
  - Android: Android ID
  - Chrome: GlobalProtect-assigned unique alphanumeric string with a length of 32 characters

  If you do not know the host ID, you can correlate the user-ID to the host ID in the HIP Match logs:
  - Select Monitor > Logs > HIP Match.
  - Filter the HIP match logs for the source user associated with the device.
  - Open the HIP match log and identify the host ID under OS > Host ID and optionally the hostname under Host Information > Machine Name.
- Create a device block list. You cannot use Panorama templates to push a device block list to firewalls.
  - Select Network > GlobalProtect > Device Block List and Add a device block list.
  - Enter a descriptive Name for the list.
  - For a firewall with more than one virtual system (vsys), select the Location (vsys or Shared) where the profile is available.
- Add a device to a block list.
  - Add devices. Enter the host ID (required) and hostname (optional) for a device you need to block.
  - Add additional devices, if needed.
  - Click OK to save and activate the block list. The device list does not require a commit and is immediately active.
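
The following Python example is added here and is not part of the original documentation or any Palo Alto Networks tooling. It correlates a source user to host IDs in an exported HIP Match log, labels each host ID by the formats listed above, and refuses to exceed the 1,000-device limit per location; the CSV column names, the sample rows, and the function names are assumptions.

```python
import csv, io, re
from collections import OrderedDict

MAX_DEVICES_PER_LOCATION = 1000  # block-list limit stated on this page

# Host ID shapes described on this page; anything else (e.g. an Android ID,
# whose format the page does not give) is reported as "unrecognized".
HOST_ID_SHAPES = [
    ("windows-machine-guid", re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)),
    ("macos-mac-address", re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)),
    ("chrome-32-char-id", re.compile(r"^[0-9a-z]{32}$", re.I)),
]

# Constructed sample export; the column names are assumptions, not PAN-OS field names.
SAMPLE_HIP_MATCH_CSV = """source_user,machine_name,host_id,vsys
corp\\jdoe,JDOE-LT01,3f2a9c1e-7b44-4d0a-9e6b-1c2d3e4f5a6b,vsys1
corp\\jdoe,JDOE-LT01,3F2A9C1E-7B44-4D0A-9E6B-1C2D3E4F5A6B,vsys1
corp\\jdoe,jdoe-mbp,a4:5e:60:c1:22:9f,vsys1
corp\\asmith,ASMITH-PC,9d8c7b6a-5e4f-4a3b-8c2d-1e0f9a8b7c6d,vsys1
corp\\jdoe,,not-a-known-shape,vsys2
"""

def classify_host_id(host_id):
    """Name the page-described format a host ID matches, or 'unrecognized'."""
    for name, pattern in HOST_ID_SHAPES:
        if pattern.match(host_id):
            return name
    return "unrecognized"

def block_candidates(csv_text, user, location, existing_count=0):
    """Return unique (host_id, hostname, shape) entries for one user and location."""
    seen = OrderedDict()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["source_user"].lower() != user.lower() or row["vsys"] != location:
            continue
        host_id = row["host_id"].strip()
        key = host_id.lower()  # assumption: case-insensitive dedupe (suits hex GUIDs and MACs)
        if host_id and key not in seen:
            seen[key] = (host_id, row["machine_name"].strip(), classify_host_id(host_id))
    entries = list(seen.values())
    if existing_count + len(entries) > MAX_DEVICES_PER_LOCATION:
        raise ValueError(f"{location}: block list would exceed {MAX_DEVICES_PER_LOCATION} devices")
    return entries

if __name__ == "__main__":
    for host_id, hostname, shape in block_candidates(SAMPLE_HIP_MATCH_CSV, "corp\\jdoe", "vsys1"):
        print(f"{host_id}\t{hostname or '-'}\t{shape}")
```

An "unrecognized" result is a prompt to re-check the value against the HIP Match log before entering it, since the block list matches on host ID.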