Host Compliance Service
The Host Compliance Service (HCS) for GlobalProtect introduces a cloud-hosted, highly
available service that centralizes endpoint posture assessment, distribution, and security
policy rule enforcement.
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| | - GlobalProtect Subscription License<br>- GlobalProtect app 6.0. or later versions<br>- PAN-OS 12.1.2 and later versions<br>- Cloud Identity Engine<br>- Device Certificate |
The HCS centralizes endpoint security by processing full HIP reports in the cloud and
distributing only the final compliance data or verdicts to subscribed products like NGFW
deployments for policy rule enforcement, which eliminates redundant processing on each
firewall.
The GlobalProtect app continues to send Host Compliance reports to GlobalProtect gateways,
but when the HCS is enabled, the gateways now forward these reports to the cloud-hosted HCS.
The HCS processes HIP reports in the cloud, evaluates them against your defined
security policies, converts them into compliance verdicts, and sends those verdicts to
the next-generation firewall.
The HCS feature significantly improves HIP redistribution for large-scale GlobalProtect
deployments. It addresses the challenges of delayed host information updates and
scalability issues.
HCS for GlobalProtect provides:
- Simplified configuration of host compliance objects and host compliance
profiles.
- Improved scalability and cost-effectiveness for HIP redistribution, eliminating
the need for additional on-premises infrastructure.
Use the following procedure, divided into three sections, to configure the HCS for
GlobalProtect:
- Enable Host Compliance Service
- Configure Cloud Redistribution
- Configure Host Compliance Services-based Security Policy