Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

100

GlobalProtect Administrator’s Guide 89

Set Up the GlobalProtect Mobile Security Manager Define Deployment Policies

Create Configuration Profiles

Mobile Security Manager configuration profiles provide a simplified mechanism for pushing configurations and

restrictions to groups of managed devices. Because the configuration profiles you define are pushed to mobile

devices based on policy matches, you can define very specific or very broad configurations and then deploy

them to specific users and groups and/or based on the state of the device and its compliance with your

corporate security requirements.

In addition, you can use configuration profiles to enforce security restrictions, such as forcing the use of a

passcode or restricting device functionalities (such as the use of the camera).

 Web Clip Icons—If you plan to deploy web clips to provide shortcuts to web sites or web-based

applications, you must import the associated web clip icons before creating the corresponding configuration

policies. See Import Web Clip Icons.

Step 5 Define the notification messages device

users will see when a policy rule with a

HIP profile is enforced.

The decision as to when to display a

message (that is, whether to display it

when the user’s configuration matches a

HIP profile in the policy or when it

doesn’t match it), depends largely on your

policy and what a HIP match (or

non-match) means for the user. That is,

does a match mean they are granted full

access to your network resources? Or

does it mean they have limited access due

to a non-compliance issue?

For example, suppose you create a HIP

profile that matches if the device data is

not encrypted as required by corporate

policy. In this case, you might want to

create a HIP notification message for

users who match the HIP profile telling

them that they need to enable disk

encryption before they can receive the

configuration profiles that enable access

to corporate resources. Alternatively, if

your HIP profile matches devices that do

have disk encryption enabled, you might

instead want to create the message for

users who do not match the profile.

1. Select

Policies > Host Information > Notifications and then

click

Add.

2. Select the

HIP Profile this message applies to from the

drop-down.

3. Select

Match Message or Not Match Message, depending on

whether you want to display the message when the

corresponding HIP profile is matched in policy or when it is not

matched. In some cases you might want to create messages for

both a match and a non-match, depending on what objects you

are matching on and what your objectives are for the policy.

4. (Match messages only) Select the

Include App List check box to

indicate what app(s) triggered the HIP match in the notification

message.

5. Select the

Enable check box and then enter the text of your

message in the

Template text box.

6. Click

OK to save the HIP notification message.

7. Repeat this procedure for each message you want to define.

Step 6 Save the HIP configuration. Click

Commit.

Create HIP Objects and HIP Profiles (Continued)