HIP Objects General Tab
to specify a name for the new HIP object and configure the object to match against general host information such as domain, operating system, or the type of network connectivity it has.
HIP Object General Settings
Enter a name for the HIP object (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
If you select
Shared, the current HIP objects become available to:
Every virtual system (vsys) on the firewall, if you are logged in to a firewall that is in multiple virtual system mode. If you clear this selection, the object will be available to only the vsys selected in the
Virtual Systemdrop-down of the
Objectstab. For a firewall that is not in multi-vsys mode, this option is not available in the HIP Object dialog.
All device groups on Panorama™. If you clear this selection, the object will be available only to the device group selected in the
Device Groupdrop-down of the
After you save the object, you cannot change its
to see the current
Optional) Enter a description.
Disable override (
Controls override access to the HIP object in the device groups that are descendants of the
Device Groupselected in the
Objectstab. Select this option to prevent administrators from creating local copies of the object in descendant device groups by overriding its inherited values. This option is cleared by default (override is enabled).
Select this option to activate the options for configuring the host information.
To match on a domain name, choose an operator from the drop-down and enter a string to match.
To match on a host OS, choose
Containsfrom the first drop-down, select a vendor from the second drop-down, and then select an OS version from the third drop-down; or you can select
Allto match on any OS version from the selected vendor.
To match on a specific version number, select an operator from the drop-down and then enter a string to match (or not match) in the text box.
To match on a specific host name or part of a host name, select an operator from the drop-down and then enter a string to match (or not match, depending on what operator you selected) in the text box.
The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by device type:
To match on a specific host ID, select the operator from the drop-down and then enter a string to match (or not match, depending on what operator you selected) in the text box.
Use this field to enable filtering on a specific mobile device network configuration. This match criteria applies to mobile devices only.
Select an operator from the drop-down and then select the type of network connection to filter on from the second drop-down:
Ethernet(available only for
Is Notfilters), or
Unknown. After you select a network type, enter any additional strings to match on, if available, such as the Mobile
HIP Objects Mobile Device Tab
HIP Objects Mobile Device Tab Select Objects GlobalProtect HIP Objects Mobile Device to enable HIP matching on data collected from mobile devices that run the ...
Objects > GlobalProtect > HIP Profiles
Objects > GlobalProtect > HIP Profiles Select Objects GlobalProtect HIP Profiles to create the HIP profiles—a collection of HIP objects to be evaluated together either ...
Configure HIP-Based Policy Enforcement
Configure HIP-Based Policy Enforcement To enable the use of host information in policy enforcement, you must complete the following steps. For more information on the ...
Objects > GlobalProtect > HIP Objects
Objects > GlobalProtect > HIP Objects Select Objects GlobalProtect HIP Objects to define objects for a host information profile (HIP). HIP objects provide the matching ...
HIP Objects Anti-Malware Tab
HIP Objects Anti-Malware Tab Select Objects GlobalProtect HIP Objects Anti-Malware to enable HIP matching based on the antivirus or anti-spyware coverage on the GlobalProtect endpoints. ...
HIP Objects Disk Backup Tab
HIP Objects Disk Backup Tab Select Objects GlobalProtect HIP Objects Disk Backup to enable HIP matching based on the disk backup status of the GlobalProtect ...
Collect Application and Process Data From Endpoints
Collect Application and Process Data From Endpoints The Windows Registry and macOS plist can be used to configure and store settings for Windows and Mac ...
HIP Objects Disk Encryption Tab
HIP Objects Disk Encryption Tab Select Objects GlobalProtect HIP Objects Disk Encryption to enable HIP matching based on the disk encryption status of the GlobalProtect ...
Create Objects for Use in Shared or Device Group Policy
Create Objects for Use in Shared or Device Group Policy You can use an object in any policy rule that is in the Shared location, ...