Hardware reference guide

GlobalProtect Administrator’s Guide 129

Use Host Information in Policy

Enforcement

Although you may have stringent security at your corporate network border, your network is really only as secure

as the end devices that are accessing it. With today’s workforce becoming more and more mobile, often requiring

access to corporate resources from a variety of locations—airports, coffee shops, hotels—and from a variety of

devices—both company-provisioned and personal—you must logically extend your network’s security out to

your endpoints to ensure comprehensive and consistent security enforcement. The GlobalProtect Host

Information Profile (HIP) feature enables you to collect information about the security status of your end

hosts—such as whether they have the latest security patches and antivirus definitions installed, whether they

have disk encryption enabled, whether the device is jailbroken or rooted (mobile devices only), or whether it is

running specific software you require within your organization, including custom applications—and base the

decision as to whether to allow or deny access to a specific host based on adherence to the host policies you

define.

This chapter provides information about the use of host information in policy enforcement. It includes the

following sections:

 About Host Information

 Configure HIP-Based Policy Enforcement