GlobalProtect
How Do I Get Visibility into the State of the Endpoints?
End-of-Life (EoL)
Whenever an endpoint connects to GlobalProtect, the
app presents its HIP data to the gateway. The gateway then uses
this data to determine which HIP objects and/or HIP profiles the
host matches. For each match, it generates a HIP Match log entry.
Unlike a traffic log, which creates a log entry only if there is
a policy match, the HIP Match log generates an entry whenever the
raw data submitted by an app matches a HIP object and/or a HIP profile
you have defined. This makes the HIP Match log a good resource for
monitoring the state of the endpoints in your network over time,
before you attach your HIP profiles to security policies, to help
you determine exactly which policies you believe need enforcement.

Because a HIP Match log is only generated when the host state
matches a HIP object you have created, for full visibility into
the endpoint state, you may need to create multiple HIP objects to
log HIP matches for endpoints that are in compliance with a particular
state (for security policy enforcement purposes) as well as endpoints
that are non-compliant (for visibility). For example, suppose you
want to prevent an endpoint that does not have antivirus or anti-spyware
software installed from connecting to the network. In this case,
you would create a HIP object that matches hosts that have a particular
antivirus or anti-spyware software installed. By including this
object in a HIP profile and attaching it to the security policy
rule that allows access from your VPN zone, you can ensure that
only hosts that are protected with antivirus or anti-spyware software
can connect.

In this example, the HIP Match log would not show which endpoints
are out of compliance with this requirement.
If you want to view a log for endpoints that do not have antivirus
or anti-spyware software installed so that you can follow up with
these users, you can also create a HIP object that matches the condition
where the antivirus or anti-spyware software is not installed. Because
this object is only required for logging purposes, you do not need to
add it to a HIP profile or attach it to a security policy rule.
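
The effect of pairing an enforcement object with a logging-only object, shown as an added example (not Palo Alto Networks code). The HIP object names and the CSV column layout are assumptions made for illustration, and the sample rows are constructed; the script reports the latest antivirus state per machine and shows which hosts drop out of view when only the enforcement object exists.

```python
import csv
import io
from datetime import datetime

# Hypothetical HIP object names; substitute the objects you defined.
AV_PRESENT = "av-installed"      # used in the HIP profile for enforcement
AV_MISSING = "av-not-installed"  # logging only, not attached to any rule

# Constructed sample rows (not real log output). The column layout is an
# assumption for this example, not the firewall's export format.
SAMPLE_LOG = """\
generated_time,user,machine,hip,hip_type
2024-05-01 08:00:00,alice,LT-ALICE,av-installed,object
2024-05-01 08:05:00,bob,LT-BOB,av-not-installed,object
2024-05-02 09:00:00,bob,LT-BOB,av-installed,object
2024-05-02 09:30:00,carol,LT-CAROL,av-not-installed,object
2024-05-02 10:00:00,alice,LT-ALICE,vpn-allowed,profile
"""

def latest_av_state(log_text, objects=(AV_PRESENT, AV_MISSING)):
    """Return {machine: (hip_object, user, time)} for the newest match per machine."""
    latest = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["hip_type"] != "object" or row["hip"] not in objects:
            continue  # ignore profile matches and unrelated objects
        when = datetime.strptime(row["generated_time"], "%Y-%m-%d %H:%M:%S")
        seen = latest.get(row["machine"])
        if seen is None or when > seen[2]:
            latest[row["machine"]] = (row["hip"], row["user"], when)
    return latest

def needs_follow_up(log_text):
    """Machines whose most recent match is the 'not installed' object."""
    state = latest_av_state(log_text)
    return sorted((m, u) for m, (hip, u, _) in state.items() if hip == AV_MISSING)

def visible_without_logging_object(log_text):
    """Machines that would appear if only the enforcement object existed."""
    return sorted(latest_av_state(log_text, objects=(AV_PRESENT,)))

if __name__ == "__main__":
    print("follow up:", needs_follow_up(SAMPLE_LOG))
    print("visible with enforcement object only:",
          visible_without_logging_object(SAMPLE_LOG))
```

LT-CAROL appears only because the logging-only object produced a HIP Match entry for it; with the enforcement object alone, that endpoint would leave no entry to follow up on.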