Hardware reference guide
140 GlobalProtect Administrator’s Guide
Configure HIP-Based Policy Enforcement Use Host Information in Policy Enforcement
Step 10 Define the notification messages end users will see when a security rule with a HIP profile is enforced.

The decision as to when to display a message (that is, whether to display it when the user’s configuration matches a HIP profile in the policy or when it doesn’t match it) depends largely on your policy and what a HIP match (or non-match) means for the user. That is, does a match mean they are granted full access to your network resources? Or does it mean they have limited access due to a non-compliance issue?

For example, suppose you create a HIP profile that matches if the required corporate antivirus and anti-spyware software packages are not installed. In this case, you might want to create a HIP notification message for users who match the HIP profile telling them that they need to install the software. Alternatively, if your HIP profile matches when those same applications are installed, you might want to create the message for users who do not match the profile.
1. On the firewall that is hosting your GlobalProtect gateway(s), select Network > GlobalProtect > Gateways.
2. Select a previously-defined gateway configuration to open the GlobalProtect Gateway dialog.
3. Select Client Configuration > HIP Notification and then click Add.
4. Select the HIP Profile this message applies to from the drop-down.
5. Select Match Message or Not Match Message, depending on whether you want to display the message when the corresponding HIP profile is matched in policy or when it is not matched. In some cases you might want to create messages for both a match and a non-match, depending on what objects you are matching on and what your objectives are for the policy. For the Match Message, you can also enable the option to Include matched application list in message to indicate what applications triggered the HIP match.
6. Select the Enable check box and select whether you want to display the message as a Pop Up Message or as a System Tray Balloon.
7. Enter the text of your message in the Template text box and then click OK. The text box provides both a WYSIWYG view of the text and an HTML source view, which you can toggle between using the Source Edit icon. The toolbar also provides many options for formatting your text and for creating hyperlinks to external documents, for example to link users directly to the download URL for a required software program.
8. Repeat this procedure for each message you want to define.
9. Commit your changes.
Enable HIP Checking (Continued)