What Data Does the GlobalProtect App Collect on Each Operating System?

Describes the data collected by the GlobalProtect app on each operating system.
The GlobalProtect app collects data to help identify or retrieve the host information profile (HIP) for the device for use in HIP-based policy enforcement.

What Data Does the GlobalProtect App Collect on Android?

The following table describes the data collected by the GlobalProtect app on Android devices for HIP-based policy enforcement generated by the fiirewall:
The GlobalProtect app for Android on a Chromebook uses the same HIP report attributes.
HIP Report Attribute
Description
Report Generation Time
Date and time that the HIP report was generated.
User Name
Username that is used to log in to the VPN.
User IP Address
IP address of the users’ Android device.
Machine Name
Host name and serial number of the Android device.
Domain
Field is empty on Android devices.
Serial Number
Serial number of the Android device.
Managed
Value that indicates whether the Android device is managed. If this value is set to
Yes
, the device is managed. If this value is set to
No
, the device is unmanaged.
OS
Application name and vendor name of the target OS.
Host ID
GlobalProtect assigned unique alphanumeric string with length of 16 characters to identify the host. The host ID value is Android ID on Android devices.
Client Version
Version number of the currently installed GlobalProtect app.
WiFi SSID
Specific information about the network connectivity such as
WiFi SSID
on the Android device.
Network Interface
Following settings are identified for the network interface:
  • Interface
    —Type of network interface detected on the Android device.
  • MAC Address
    —MAC address is the unique hardware identifier assigned to each network interface on the Android device.
  • IP Address
    —IP address assigned to each network interface on the Android device.
Mobile Device
Information about the mobile device, including the device name, logon domain, operating system, app version, and the network to which the device is connected.
Tags
Tags to enable you to match against other MDM-based attributes.
Device Compliance
The
Rooted/Jailbroken
attribute is used to determine the compliance status of the Android device that has been rooted or jailbroken to obtain administrative privileges. The security policies can be removed or bypassed in the operating system from a compromised device.
MDM Attributes
When you integrate your GlobalProtect deployment with an MDM vendor, the GlobalProtect app for Android devices can obtain the following data attributes and tags from the MDM system:
  • udid
    —Unique device identifier (UDID) of the Android device.
  • managed-by-mdm
    —Value that indicates whether the Android device is managed. If this value is set to
    Yes
    , the Android device is managed. If this value is set to
    No
    , the Android device is unmanaged.
  • tag
    —Tags to enable you to match against other MDM-based attributes.
  • compliance
    —Compliance status that indicates whether the Android device is compliant with the compliance policies that you have defined.
  • ownership
    —Ownership category of the Android device (for example,
    Employee Owned
    ). This value is appended to the
    Tag
    attribute in the HIP report.

What Data Does the GlobalProtect App Collect on iOS?

The following table describes the data collected by the GlobalProtect app on iOS devices for HIP-based policy enforcement generated by the firewall:
HIP Report Attribute
Description
Report Generation Time
Date and time that the HIP report was generated.
User Name
Username that is used to log in to the VPN.
User IP Address
IP address of the users’ iOS device.
Machine Name
Host name and serial number of the iOS device.
Domain
Field is empty on iOS devices.
Serial Number
Field is empty on iOS device.
Managed
Value that indicates whether the iOS device is managed. If this value is set to
Yes
, the device is managed. If this value is set to
No
, the device is unmanaged.
OS
Application name and vendor name of the target OS.
Host ID
Unique ID that is assigned by GlobalProtect to identify the host. The host ID value is UDID on iOS devices.
Client Version
Version number of the currently installed GlobalProtect app.
WiFi SSID
Information about the network connectivity such as
WiFi SSID
on the iOS device.
Network Interface
Following settings are identified for the network interface:
  • Interface
    —Type of network interface detected on the iOS device.
  • MAC Address
    —MAC address is the unique hardware identifier assigned to each network interface on the iOS device.
  • IP Address
    —IP address assigned to each network interface on the iOS device.
Mobile Device
Information about the mobile device, including the device name, logon domain, operating system, app version, and the network to which the device is connected.
Device Compliance
Following attributes are used to determine the compliance status of the iOS device:
  • Rooted/Jailbroken
    —Status on the iOS device that has been rooted or jailbroken to obtain administrative privileges. The security policies can be removed or bypassed in the operating system from a compromised device.
  • Disk Encryption Not Set
    —Status on the iOS device that is enabled for disk encryption.
  • Passcode Not Set
    —Status on the iOS device that is set to a passcode.
  • Has Malware
    —Status on the iOS device that has malware-infected apps installed.
MDM Attributes
When you integrate your GlobalProtect deployment with an MDM vendor, the GlobalProtect app for iOS devices can obtain the following data attributes and tags from the MDM system:
  • udid
    —Unique device identifier (UDID) of the iOS device.
  • managed-by-mdm
    —Value that indicates whether the iOS device is managed. If this value is set to
    Yes
    , the iOS device is managed. If this value is set to
    No
    , the iOS device is unmanaged.
  • tag
    —Tags to enable you to match against other MDM-based attributes.
  • compliance
    —Compliance status that indicates whether the iOS device is compliant with the compliance policies that you have defined.
  • ownership
    —Ownership category of the iOS device (for example,
    Employee Owned
    ). This value is appended to the
    Tag
    attribute in the HIP report.

What Data Does the GlobalProtect App Collect on Linux?

The following table describes the data collected by the GlobalProtect app on Linux devices for HIP-based policy enforcement generated by the firewall in XML format:
HIP Report Attribute
Description
user-name
Username that is used to log in to the VPN.
ip-address
IP address of the users’ Linux device.
generate-time
Date and time that the HIP report was generated.
host-info
Following options are activated for configuring the host information:
  • managed
    —Value that indicates whether the Linux device is managed. If this value is set to
    Yes
    , the device is managed. If this value is set to
    No
    , the device is unmanaged.
  • serial-number
    —Serial number of the Linux device.
  • client-version
    —Version number of the currently installed GlobalProtect app.
  • os
    —Application name of the target OS.
  • os-vendor
    —Vendor name of the target OS.
  • domain
    —Domain name of the Linux device.
  • host-name
    —Host name of the Linux device.
  • host-id
    —Unique ID that is assigned by GlobalProtect to identify the host. The host ID value is Product UDID on Linux devices.
network-interface
Following settings are identified for the network interface:
  • inteface
    —Type of network interface detected on the Linux device.
  • mac-address
    —MAC address is the unique hardware identifier assigned to each network interface on the Linux device.
  • ip-address
    —IP address assigned to each network interface on the Linux device.
anti-malware
Information about any antivirus or anti-spyware that is enabled or installed on the device, whether real-time anti-virus or anti-spyware protection is enabled on the host, virus definition version, last scan time, and the vendor and product name.
disk-backup
Information about the disk backup status of the device such as whether the disk backup software is installed on the host, the last backup time, and the vendor and product name of the software.
disk-encryption
Information about the disk encryption status of the device such as whether the disk encryption software is installed on the host, the drive or path to check for disk encryption to determine a match, state of the encrypted location, and the vendor and product name of the software.
firewall
Information about whether firewall software is enabled or installed on the host.
patch-management
Information about any patch management software that is installed or enabled on the host and whether the host detected missing patches and the specified severity value. See the Patch Management category for details on each value.

Recommended For You