HIP Objects General Tab
- ObjectsGlobalProtectHIP Objects<hip-object>General
Select the General tab to specify a name for the new HIP object and configure the object to match against general host information such as domain, operating system, or the type of network connectivity it has.
HIP Object General Settings
Enter a name for the HIP object (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
If you select Shared, the current HIP objects become available to:
Every virtual system (vsys) on the firewall, if you are logged in to a firewall that is in multiple virtual system mode. If you clear this selection, the object will be available to only the vsys selected in the Virtual System drop-down of the Objects tab. For a firewall that is not in multi-vsys mode, this option is not available in the HIP Object dialog.
All device groups on Panorama™. If you clear this selection, the object will be available only to the device group selected in the Device Group drop-down of the Objects tab.
After you save the object, you cannot change its Shared setting. Select ObjectsGlobalProtectHIP Objects to see the current Location.
(Optional) Enter a description.
Select this option to activate the options for configuring the host information.
Filter based on whether the endpoint is managed or not managed. To match endpoints that are managed, select Yes. To match endpoints that are not managed, select No.
Disable override (Panorama only)
Controls override access to the HIP object in the device groups that are descendants of the Device Group selected in the Objects tab. Select this option to prevent administrators from creating local copies of the object in descendant device groups by overriding its inherited values. This option is cleared by default (override is enabled).
To match on a domain name, choose an operator from the drop-down and enter a string to match.
To match on a host OS, choose Contains from the first drop-down, select a vendor from the second drop-down, and then select an OS version from the third drop-down; or you can select All to match on any OS version from the selected vendor.
To match on a specific version number, select an operator from the drop-down and then enter a string to match (or not match) in the text box.
To match on a specific host name or part of a host name, select an operator from the drop-down and then enter a string to match (or not match, depending on what operator you selected) in the text box.
The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by device type:
To match on a specific host ID, select the operator from the drop-down and then enter a string to match (or not match, depending on what operator you selected) in the text box.
To match on all or part of an endpoint serial number, choose an operator from the drop-down and then enter a string to match.
Use this field to enable filtering on a specific mobile device network configuration. This match criteria applies to mobile devices only.
Select an operator from the drop-down and then select the type of network connection to filter on from the second drop-down: Wifi, Mobile, Ethernet (available only for Is Not filters), or Unknown. After you select a network type, enter any additional strings to match on, if available, such as the Mobile Carrier or Wifi SSID.
HIP Objects Mobile Device Tab
HIP Objects Mobile Device Tab Objects GlobalProtect HIP Objects Mobile Device Select the Mobile Device tab to enable HIP matching on data collected from mobile ...
Objects > GlobalProtect > HIP Profiles
Objects > GlobalProtect > HIP Profiles Select Objects GlobalProtect HIP Profiles to create the HIP profiles—a collection of HIP objects to be evaluated together either ...
Configure HIP-Based Policy Enforcement
Configure HIP-Based Policy Enforcement To enable the use of host information in policy enforcement, you must complete the following steps. For more information on the ...
Objects > GlobalProtect > HIP Objects
Objects > GlobalProtect > HIP Objects Select Objects GlobalProtect HIP Objects to define objects for a host information profile (HIP). HIP objects provide the matching ...
HIP Objects Anti-Malware Tab
HIP Objects Anti-Malware Tab Objects GlobalProtect HIP Objects Anti-Malware Select the Anti-Malware tab to enable HIP matching based on the antivirus or anti-spyware coverage on ...
HIP Objects Disk Backup Tab
HIP Objects Disk Backup Tab Objects GlobalProtect HIP Objects Disk Backup Select the Disk Backup tab to enable HIP matching based on the disk backup ...
Collect Application and Process Data From Endpoints
Collect Application and Process Data From Endpoints The Windows Registry and macOS plist can be used to configure and store settings for Windows and Mac ...
HIP-Based Policy Enforcement Based on the Endpoint Status
HIP-Based Policy Enforcement Based on the Endpoint Status Use the following steps to enforce HIP-based security policies based on the status of connecting endpoints: To ...
HIP Objects Disk Encryption Tab
HIP Objects Disk Encryption Tab Objects GlobalProtect HIP Objects Disk Encryption Select the Disk Encryption tab to enable HIP matching based on the disk encryption ...