To ensure consistent Host Information Profile
(HIP) policy enforcement and to simplify policy management, the
HIP Report Redistribution feature enables you to distribute HIP
reports received from the GlobalProtect app—and sent to an internal
or external GlobalProtect gateway—to other gateways, firewalls,
Dedicated Log Collectors (DLC), and Panorama appliances in the enterprise.
Use HIP report redistribution in the following use cases:
You want to apply consistent policies to both internal and external
GlobalProtect gateways. Previously, you could use only internal
gateways to enforce HIP rules for traffic coming from external gateways
and had to configure the internal gateways with exception policies
to not enforce HIP rules for traffic coming from external gateways;
or you could duplicate every HIP profile and policy of every internal
gateway on every external gateway to consistently enforce HIP policies.
You want to apply consistent HIP policies for traffic for
a specific user that goes through multiple firewalls. Previously,
you could only configure each internal gateway to receive a HIP
report from each individual endpoint, which caused delays and excessive
traffic load on the firewall.
You have a distributed enterprise deployment (for example,
a retail store with many locations) and you want to use the data
center gateways more efficiently.
Users access the internal
network from multiple gateways and, at each entry point, the gateway
runs HIP and User-ID-based policies. After the users enter the internal
network, they access applications in the data center. However, to
enforce user and HIP-based policies, you need to configure every data
center firewall as an internal GlobalProtect gateway.
When you enable HIP report redistribution, you need to configure only
the entry points as internal gateways—you do not need to configure
the data center firewalls as internal gateways—to enforce policies
based on User-ID and host information.