Hardware reference guide
136 GlobalProtect Administrator’s Guide
Configure HIP-Based Policy Enforcement Use Host Information in Policy Enforcement
Step 4 Create the HIP objects to filter the raw
host data collected by the agents.
The best way to determine what HIP
objects you need is to determine how you
will use the host information you collect
to enforce policy. Keep in mind that the
HIP objects themselves are merely
building blocks that allow you to create
the HIP profiles that are used in your
security policies. Therefore, you may want
to keep your objects simple, matching on
one thing, such as the presence of a
particular type of required software,
membership in a specific domain, or the
presence of a specific client OS. By doing
this, you will have the flexibility to create
a very granular (and very powerful)
HIP-augmented policy.
For details on a specific HIP
category or field, refer to the online
help.
1. On the gateway (or on Panorama if you plan to share the HIP
objects among multiple gateways), select
Objects >
GlobalProtect > HIP Objects
and click Add.
2. On the
General tab, enter a Name for the object.
3. Select the tab that corresponds to the category of host
information you are interested in matching against and select
the check box to enable the object to match against the category.
For example, to create an object that looks for information
about Antivirus software, select the
Antivirus tab and then
select the
Antivirus check box to enable the corresponding
fields. Complete the fields to define the desired matching
criteria. For example, the following screenshot shows how to
create an object that will match if the Symantec Norton
AntiVirus 2004 Professional application is installed, has Real
Time Protection enabled, and has virus definitions that have
been updated within the last 5 days.
Repeat this step for each category you want to match against in
this object. For more information, see Table: Data Collection
Categories.
4. Click
OK to save the HIP object.
5. Repeat these steps to create each additional HIP object you
require.
6.
Commit your changes.
Enable HIP Checking (Continued)