Hardware reference guide

GlobalProtect Administrator’s Guide
Manage Mobile Devices
Create Security Policies for Mobile Device Traffic Enforcement
The deployment policies you create on the GlobalProtect Mobile Security Manager simplify account provisioning so that mobile device users can access your corporate applications. Although you have granular control over which users get policies that enable access to which applications (based on user/group and/or device compliance), the Mobile Security Manager does not enforce policy on mobile device traffic.

The GlobalProtect gateway can already enforce security policy for GlobalProtect app users, but the HIP match information it offers for mobile devices is somewhat limited. Because the Mobile Security Manager collects comprehensive HIP data from the devices it manages, you can use that data to create very granular security policies on your GlobalProtect gateways that take into account device compliance and tags from the Mobile Security Manager. For example, you could create one security policy on the gateway allowing mobile devices with the tag “company-provisioned” full access to your network, and a second security policy allowing mobile devices with the tag “personal-device” access to the Internet only.
Create Security Policy for Managed Devices on the GlobalProtect Gateway
Step 1 Configure the GlobalProtect gateways to retrieve HIP reports from the Mobile Security Manager.
See Enable Gateway Access to the Mobile Security Manager for detailed instructions.
Note: Although the Connection Port value is configurable on the gateway, the Mobile Security Manager requires that you leave the value set to 5008. The option to configure this value is provided to enable integration with third-party MDM solutions.