Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

GlobalProtect Administrator’s Guide 35

Set Up the GlobalProtect Infrastructure Configure GlobalProtect Gateways

Step 6 (Optional) Define the notification

messages end users will see when a

security rule with a host information

profile (HIP) is enforced.

This step only applies if you have created

host information profiles and added them

to your security policies. For details on

configuring the HIP feature and for more

detailed information about creating HIP

notification messages, see Use Host

Information in Policy Enforcement.

1. On the

Client Configuration > HIP Notification tab, click Add.

2. Select the

HIP Profile this message applies to from the

drop-down.

3. Select

Match Message or Not Match Message, depending on

whether you want to display the message when the

corresponding HIP profile is matched in policy or when it is not

matched. In some cases you might want to create messages for

both a match and a non-match, depending on what objects you

are matching on and what your objectives are for the policy.

4. Select the

Enable check box and select whether you want to

display the message as a

Pop Up Message or as a System Tray

Balloon

5. Enter the text of your message in the Template text box and

then click

OK.

6. Repeat these steps for each message you want to define.

Step 7 Save the gateway configuration. Click

OK to save the settings and close the GlobalProtect Gateway

dialog.

Step 8 (Optional) Set up access to the Mobile

Security Manager.

This step is required if you are using the

GlobalProtect Mobile Security Manager

to manage end user devices and you are

using HIP-enabled policy enforcement.

This configuration allows the gateway to

communicate with the Mobile Security

Manager to retrieve the HIP reports for

managed mobile devices. For more

details, see Enable Gateway Access to the

Mobile Security Manager.

1. Select

Network > GlobalProtect > MDM and click Add.

2. Enter a

Name for the Mobile Security Manager.

3. (Optional) Select the virtual system to which this Mobile

Security Manager configuration belongs from the

Location

field.

4. Enter the IP address or FQDN of the Mobile Security Manager

Server interface where the gateway will connect to retrieve HIP

reports.

5. (Optional) Set the

Connection Port on which the Mobile

Security Manager will be listening for HIP retrieval requests.

This value must match the value set on the Mobile Security

Manager. By default, this port is set to 5008, which is the port

that the GlobalProtect Mobile Security Manager listens on.

6. If the Mobile Security Manager requires the gateway to present

a certificate to establish an HTTPS connection, select the

Client

Certificate

to use.

7. If the gateway does not trust the Mobile Security Manager

certificate for the interface where it will be connecting, click

Add

in the Trusted Root CA section and select or

Import the root

CA certificate that was used to issue the Mobile Security

Manager server certificate.

8. Click

OK to save the Mobile Security Manager settings.

Step 9 Save the configuration.

Commit your changes.

Configure the Gateway (Continued)