130 GlobalProtect Administrator’s Guide
About Host Information
One of the jobs of the GlobalProtect agent is to collect information about the host it is running on. The agent
then submits this host information to the GlobalProtect gateway upon successfully connecting. The gateway
matches this raw host information submitted by the agent against any HIP objects and HIP profiles you have
defined. If it finds a match, it generates an entry in the HIP Match log. Additionally, if it finds a HIP profile
match in a policy rule, it enforces the corresponding security policy.
Using host information profiles for policy enforcement enables granular security that ensures that the remote
hosts accessing your critical resources are adequately maintained and in adherence with your security standards
before they are allowed access to your network resources. For example, before allowing access to your most
sensitive data systems, you might want to ensure that the hosts accessing the data have encryption enabled on
their hard drives. You can enforce this policy by creating a security rule that only allows access to the application
if the client system has encryption enabled. In addition, for clients that are not in compliance with this rule, you
could create a notification message that alerts users as to why they have been denied access and links them to
the file share where they can access the installation program for the missing encryption software (of course, to
allow the user to access that file share you would have to create a corresponding security rule allowing access to
the particular share for hosts with that specific HIP profile match).
What Data Does the GlobalProtect Agent Collect?
How Does the Gateway Use the Host Information to Enforce Policy?
How Do Users Know if Their Systems are Compliant?
What Data Does the GlobalProtect Agent Collect?
By default, the GlobalProtect agent collects vendor-specific data about the end user security packages that are
running on the computer (as compiled by the OPSWAT global partnership program) and reports this data to
the GlobalProtect gateway for use in policy enforcement.
Because security software must continually evolve to ensure end user protection, your GlobalProtect portal and
gateway licenses also enable you to get dynamic updates for the GlobalProtect data file with the latest patch and
software versions available for each package.
While the agent collects a comprehensive amount of data about the host it is running on, you may have
additional software that you require your end-users to run in order to connect to your network or to access
certain resources. In this case, you can define custom checks that instruct the agent to collect specific registry
information (on Windows clients), preference list (plist) information (on Mac OS clients), or to collect
information about whether or not specific services are running on the host.
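The matching flow described above (raw host report, HIP objects, HIP profiles, HIP Match log, policy rule) together with the two custom-check kinds just named, modelled as an added Python illustration; this is not PAN-OS code, and every object, profile, field and host value in it is constructed:

```python
# Added illustration of the HIP matching flow; not PAN-OS code.
# Object/profile/field names and the two host reports are constructed.
from dataclasses import dataclass
from typing import Callable

@dataclass
class HipObject:
    name: str
    check: Callable[[dict], bool]      # one condition on the raw host report

@dataclass
class HipProfile:
    name: str
    match: Callable[[dict], bool]      # boolean expression over object results

# A default-style check (disk encryption) plus the two custom-check kinds the
# text names: a Windows registry key and a running service.
HIP_OBJECTS = [
    HipObject("disk-encrypted",
              lambda r: r.get("disk_encryption") == "enabled"),
    HipObject("corp-agent-installed",
              lambda r: r"HKLM\SOFTWARE\CorpAgent" in r.get("registry", {})),
    HipObject("edr-running",
              lambda r: "CorpEDR" in r.get("running_services", [])),
]
HIP_PROFILES = [
    HipProfile("compliant-workstation",
               lambda m: m["disk-encrypted"] and m["corp-agent-installed"] and m["edr-running"]),
    HipProfile("missing-encryption", lambda m: not m["disk-encrypted"]),
]

def evaluate(report: dict):
    """Gateway side: match objects, log profile matches, apply the rules."""
    objects = {o.name: o.check(report) for o in HIP_OBJECTS}
    matched = [p.name for p in HIP_PROFILES if p.match(objects)]
    hip_match_log = [f"hip-match host={report['hostname']} user={report['user']} profile={p}"
                     for p in matched]
    # Rule 1: the sensitive-data app requires the compliant-workstation profile.
    # Rule 2: missing-encryption hosts are notified and may reach only the
    #         file share holding the encryption installer.
    if "compliant-workstation" in matched:
        decision = "allow sensitive-data-app"
    elif "missing-encryption" in matched:
        decision = "deny sensitive-data-app; notify user; allow \\\\fs01\\encryption-installer"
    else:
        decision = "deny sensitive-data-app"
    return objects, hip_match_log, decision

# Constructed host reports as the agent would submit them on connect
COMPLIANT_HOST = {"hostname": "ws01", "user": "alice", "disk_encryption": "enabled",
                  "registry": {r"HKLM\SOFTWARE\CorpAgent": {"Version": "3.1"}},
                  "running_services": ["CorpEDR", "Spooler"]}
UNENCRYPTED_HOST = {"hostname": "lt07", "user": "bob", "disk_encryption": "disabled",
                    "registry": {r"HKLM\SOFTWARE\CorpAgent": {"Version": "3.1"}},
                    "running_services": ["CorpEDR"]}
```

Calling `evaluate(UNENCRYPTED_HOST)` shows the second rule at work: the host fails only the encryption object, matches the `missing-encryption` profile, gets a HIP Match log entry for it, and is steered to the installer share rather than the sensitive application.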
The agent collects data about the following categories of information by default, to help identify the security
state of the host:
Table: Data Collection Categories
Category | Data Collected
General | Information about the host itself, including the hostname, logon domain, operating system, client version, and, for Windows systems, the domain to which the machine belongs.