GlobalProtect Host Information Profile (HIP)

Background/Overview

The GlobalProtect VPN client reports basic inventory data called a Host Information Profile (HIP) to perform posture assessments for elevated network access. The data collected is limited to:

  • Device information, including operating system, MAC address, and serial number.
  • Device security settings, including disk encryption, firewall, and auto-update preferences.
  • Cortex XDR Application installation and version.
  • For access to High Risk network resources, device enrollment in SCCM/MECM or Jamf Pro, and Tenable Nessus vulnerability scanning agent installation and status.

 

Users

Authorized Global Protect VPN users.

 

Viewing an Endpoint's GlobalProtect HIP Report

  1. Click the GlobalProtect globe icon in the macOS menu bar or Windows system tray, click the hamburger menu (☰) at the top right of the Status window, and select Settings.

GP Combined Hamburger​​​​​​
 

  1. In the GlobalProtect Settings window, click Host Information Profile in the sidebar. This displays the last time HIP data was collected and submitted to the VPN server. Expand the individual categories under Advanced Information to drill into the security posture data collected on the endpoint.

GP MacOS HIP

GP Windows HIP

 

Troubleshooting Host Information Profile Policy Failures

The GlobalProtect agent does not provide real-time feedback to users when a connection to a network resource is denied due to a HIP policy failure. Users can consult the chart below and their endpoint’s Host Information Profile to determine why a HIP policy failed. Instructions to remediate most of these issues can be found on the Personal Device Security service page.

If you can't identify the issue or resolve it yourself, open a support ticket.

OS Requirement Advanced Information Passing Value
macOS Minimum OS host-info -> os Supported and Patched macOS Version
macOS Antivirus anti-malware -> list > entry ->
ProductInfo -> Cortex XDR
real-time-protection > yes
macOS Firewall firewall -> list -> entry -> ProductInfo ->
Mac OS X Builtin Firewall
is-enabled > yes
macOS Encryption disk-encryption -> list -> entry ->
ProductInfo -> FileVault
for internal hard drive
(ex. "Macintosh HD"):
drives > entry >
enc-state > encrypted
macOS Endpoint Management Only checked when accessing High Risk services.
patch-management -> list -> entry ->
ProductInfo -> Casper Suite
is-enabled > yes
macOS Vulnerability Management Only checked when accessing High Risk services.
The results of this check are not displayed
in the Host Information Profile on an endpoint.
 
Windows  Minimum OS host-info -> os

Supported and Patched
Windows Version

Windows Antivirus anti-malware -> Cortex XDR

Real Time Protection: yes

Windows Firewall firewall -> Windows Firewall Enabled: yes
Windows Disk Encryption disk-encryption -> BitLocker
Drive Encryption
Location: C:\
Encryption State: encrypted
Windows Endpoint Management Only checked when accessing High Risk services.
patch-management -> System Center
Configuration Manager
Enabled: yes
Windows Vulnerability Management Only checked when accessing High Risk services.
The results of this check are not displayed
in the Host Information Profile on an endpoint.
 
Print Article

Details

Article ID: 90
Created
Fri 2/23/24 9:08 AM
Modified
Tue 6/18/24 2:55 PM

Related Articles (2)

This guide provides instructions for installing Cortex XDR antivirus on Windows, macOS, and Linux operating systems.
This article provides answers to the most commonly received questions about the VPN service.

Related Services / Offerings (3)

Palo Alto Cortex XDR is more advanced than a traditional antivirus solution. Cortex is an extended detection and response app that uses real-time detection to respond to malware and other sophisticated attacks while preventing malicious software from running on devices.
Recommendations for securing your personally owned device on the University's network.
A virtual private network (VPN) provides a secure connection to university networks from anywhere.