Hardware reference guide

GlobalProtect Administrator’s Guide 165

GlobalProtect Quick Configs GlobalProtect for Internal HIP Checking and User-Based Access

Step 4 Define how you will authenticate users to

the portal and the gateways.

You can use any combination of certificate profiles and/or

authentication profiles as necessary to ensure the security for your

portal and gateways. Portals and individual gateways can also use

different authentication schemes. See the following sections for

step-by-step instructions:

• Set Up External Authentication (authentication profile)

• Set Up Client Certificate Authentication (certificate profile)

• Set up Two-Factor Authentication (token- or OTP-based)

You will then need to reference the certificate profile and/or

authentication profiles you defined in the portal and gateway

configurations you define.

Step 5 Create the HIP profiles you will need to

enforce security policy on gateway access.

See Use Host Information in Policy

Enforcement for more information on

HIP matching.

1. Create the HIP objects to filter the raw host data collected by

the agents. For example, if you are interested in preventing users

that are not up to date with required patches, you might create a

HIP object to match on whether the patch management

software is installed and that all patches with a given severity are

up to date.

2. Create the HIP profiles that you plan to use in your policies.

For example, if you want to ensure that only Windows users

with up-to-date patches can access your internal applications,

you might attach the following HIP profile that will match hosts

that do NOT have a missing patch:

Quick Config: GlobalProtect Internal Gateway Configuration (Continued)