GlobalProtect Portals Agent HIP Data Collection Tab

  • NetworkGlobalProtectPortals<portal-config>Agent<agent-config>HIP Data Collection
Select the HIP Data Collection tab to define the data that the app collects from the endpoint in the HIP report:
GlobalProtect HIP Data Collection Configuration Settings
Collect HIP Data
Clear this option to prevent the app from collecting and sending HIP data.
Enable GlobalProtect to collect HIP data for HIP-based policy enforcement, so the firewall can match HIP data from endpoints against the HIP objects and/or HIP profiles you define and then apply the appropriate policy.
Max Wait Time (sec)
Specify how many seconds the app should search for HIP data before submitting the available data (range is 10-60; default is 20).
Certificate Profile
Select the certificate profile that the GlobalProtect portal uses to match the machine certificate sent by the GlobalProtect app.
Exclude Categories
Select Exclude Categories to specify the host information categories for which you do not want the app to collect HIP data. Select a Category (such as data-loss-prevention) to exclude from HIP collection. After selecting a category, you can Add a particular Vendor and, then, you can Add specific products from the vendor to further refine the exclusion as needed. Click OK to save settings in each dialog.
Custom Checks
Select Custom Checks to define custom host information you want the app to collect. For example, if you have any required applications that are not included in the Vendor or Product lists for creating HIP objects, you can create a custom check to determine whether that application is installed (it has a corresponding Windows registry or Mac plist key) or is currently running (has a corresponding running process):
  • WindowsAdd a check for a particular registry key or key value.
  • MacAdd a check for particular plist key or key value.
  • Process ListAdd the processes you want to check for on user endpoints to see if they are running. For example, to determine whether a software application is running, add the name of the executable file to the process list. You can add a process to the Windows tab, the Mac tab, or both.

Related Documentation