HIP Redistribution Overview
When a mobile user whose endpoint has the GlobalProtect
app installed connects to Prisma Access, Prisma Access collects
the user’s HIP information from the endpoint’s GlobalProtect app,
which makes the HIP report available in Prisma Access.

To use HIP redistribution, users must have the GlobalProtect
app installed on their endpoint. Although Prisma Access supports
Clientless VPN, you cannot redistribute HIP information for
Clientless VPN users.

HIP redistribution applies to both mobile users and users at
remote networks. However, for users at remote networks, an on-premises
gateway must use internal host detection to determine that the user
is internal to the organization’s network before the on-premises
gateway can send HIP information to Prisma Access.

To ensure consistent policy enforcement, you can use HIP redistribution
to allow Prisma Access to distribute users’ HIP information to
other Panorama appliances, gateways, firewalls, and virtual systems
in your deployment and, in some cases, to distribute HIP information
from those devices to Prisma Access.
This ability allows you to consistently apply HIP-based policy enforcement
for users’ traffic, including policies for internet-bound traffic
or for traffic that is accessing an internal application or resource
in your organization’s headquarters or data center. Redistributing
HIP information to the Panorama appliance also lets you view detailed
HIP information for Prisma Access users from that appliance.