Hardware reference guide

GlobalProtect Administrator’s Guide
Use Host Information in Policy Enforcement
Configure HIP-Based Policy Enforcement
To enable the use of host information in policy enforcement, you must complete the following steps. For more information on the HIP feature, see About Host Information.
Enable HIP Checking
Step 1 Verify proper licensing for HIP checks.
To use the HIP feature, you must have purchased and installed a GlobalProtect Portal license on the firewall where your portal is configured and a GlobalProtect Gateway subscription license on each gateway that will perform HIP checks. To verify the status of your licenses on each portal and gateway, select Device > Licenses.
Contact your Palo Alto Networks Sales Engineer or Reseller if you do not have the required licenses. For more information on licensing, see About GlobalProtect Licenses.
Step 2 (Optional) Define any custom host information that you want the agent to collect.
For example, if you have any required applications that are not included in the Vendor and/or Product lists for creating HIP objects, you could create a custom check that will allow you to determine whether that application is installed (has a corresponding registry or plist key) or is running (has a corresponding running process).
Step 2 and Step 3 assume that you have already created a Portal Configuration. If you have not yet configured your portal, see Configure the GlobalProtect Portal for instructions.
1. On the firewall that is hosting your GlobalProtect portal, select Network > GlobalProtect > Portals.
2. Select your portal configuration to open the GlobalProtect Portal dialog.
3. On the Client Configuration tab, select the Client Configuration to which you want to add a custom HIP check, or click Add to create a new client configuration.
4. Select Data Collection > Custom Checks and then define the data you want to collect from hosts running this client configuration as follows:
   To collect information about running processes: Select the appropriate tab (Windows or Mac) and then click Add in the Process List section. Enter the name of the process that you want the agent to collect information about.
   To collect information about specific registry keys: On the Windows tab, click Add in the Registry Key section. Enter the Registry Key for which to collect data. Optionally, click Add to restrict the data collection to a specific Registry Value or values. Click OK to save the settings.
   To collect information about specific property lists: On the Mac tab, click Add in the Plist section. Enter the Plist for which to collect data. Optionally, click Add to restrict the data collection to specific Key values. Click OK to save the settings.
5. If this is a new client configuration, complete the rest of the configuration as desired. For instructions, see Define the GlobalProtect Client Configurations.
6. Click OK to save the client configuration.
7. Commit your changes.