Hardware reference guide
88 GlobalProtect Administrator’s Guide
Define Deployment Policies Set Up the GlobalProtect Mobile Security Manager
Step 2 Create the HIP profiles that you plan to
use in your policies.
When you create your HIP profiles, you
can combine the HIP objects you
previously created (as well as other HIP
profiles) using Boolean logic such that
when a traffic flow is evaluated against the
resulting HIP profile it will either match
or not match. If there is a match, the
corresponding policy rule will be
enforced; if there is not a match, the flow
will be evaluated against the next rule, as
with any other policy matching criteria.
1. Select
Policies > Host Information > HIP Profiles and click Add.
2. Enter a descriptive
Name for the profile and optionally a
Description.
3. Click
Add Match Criteria to open the HIP Objects/Profiles
Builder.
4. Select the first HIP object or profile you want to use as match
criteria and then click add to move it over to the
Match text
box on the HIP Profile dialog. Keep in mind that if you want the
HIP profile to evaluate the object as a match only when the
criteria in the object is not true for a flow, select the
NOT check
box before adding the object.
5. Continue adding match criteria as appropriate for the profile
you are building, making sure to select the appropriate Boolean
operator radio button (
AND or OR) between each addition (and,
again, using the
NOT check box when appropriate).
6. If you are creating a complex Boolean expression, you must
manually add the parenthesis in the proper places in the
Match
text box to ensure that the HIP profile is evaluated using the
logic you intend.
7. When you are done adding match criteria, click
OK to save the
profile.
8. Repeat these steps to create each additional HIP profile you
require.
Step 3 (Optional) For privacy reasons, the GPS
location of the mobile device is not
included in the HIP data the app reports
by default. However, you can enable
collection of the GPS location if you
require this information for policy
deployment.
1. Select
Policies > Host Information > Data Collection and then
click the Edit icon in the Data Collection section.
2. Clear the
Exclude GPS Location check box and then click OK.
Step 4 Verify that the HIP objects and HIP
profiles you created are matching
managed devices as expected.
Select
Monitor > Logs > HIP Match. This log shows all of the matches
the Mobile Security Manager identified when evaluating the device
data reported by the app against the defined HIP objects and HIP
profiles.
Create HIP Objects and HIP Profiles (Continued)