Background/Overview
The GlobalProtect VPN client reports basic inventory data called a Host Information Profile (HIP) to perform posture assessments for elevated network access. The data collected is limited to:
- Device information, including operating system, MAC address, and serial number.
- Device security settings, including disk encryption, firewall, and auto-update preferences.
- Cortex XDR Application installation and version.
- For access to High Risk network resources, device enrollment in SCCM/MECM or Jamf Pro, and Tenable Nessus vulnerability scanning agent installation and status.
Users
Authorized Global Protect VPN users.
Viewing an Endpoint's GlobalProtect HIP Report
- Click the GlobalProtect globe icon in the macOS menu bar or Windows system tray, click the hamburger menu (☰) at the top right of the Status window, and select Settings.
- In the GlobalProtect Settings window, click Host Information Profile in the sidebar. This displays the last time HIP data was collected and submitted to the VPN server. Expand the individual categories under Advanced Information to drill into the security posture data collected on the endpoint.
Troubleshooting Host Information Profile Policy Failures
The GlobalProtect agent does not provide real-time feedback to users when a connection to a network resource is denied due to a HIP policy failure. Users can consult the chart below and their endpoint’s Host Information Profile to determine why a HIP policy failed. Instructions to remediate most of these issues can be found on the Personal Device Security service page.
If you can't identify the issue or resolve it yourself, open a support ticket.
| OS |
Requirement |
Advanced Information |
Passing Value |
| macOS |
Minimum OS |
host-info > os |
Supported and Patched macOS Version |
| macOS |
Antivirus |
anti-malware > list > entry >
ProductInfo > Cortex XDR |
real-time-protection > yes |
| macOS |
Firewall |
firewall > list > entry > ProductInfo >
Mac OS X Builtin Firewall |
is-enabled > yes |
| macOS |
Encryption |
disk-encryption > list > entry >
ProductInfo > FileVault |
for internal hard drive
(ex. "Macintosh HD"):
drives > entry >
enc-state > encrypted |
| macOS |
Endpoint Management |
Only checked when accessing High Risk services.
patch-management > list > entry >
ProductInfo > Casper Suite |
is-enabled > yes |
| macOS |
Vulnerability Management |
Only checked when accessing High Risk services.
The results of this check are not displayed
in the Host Information Profile on an endpoint. |
|
| Windows |
Minimum OS |
host-info > os |
Supported and Patched
Windows Version
|
| Windows |
Antivirus |
anti-malware > Cortex XDR |
Real Time Protection: yes
|
| Windows |
Firewall |
firewall > Windows Firewall |
Enabled: yes |
| Windows |
Disk Encryption |
disk-encryption > BitLocker
Drive Encryption |
Location: C:\
Encryption State: encrypted |
| Windows |
Endpoint Management |
Only checked when accessing High Risk services.
patch-management > System Center
Configuration Manager |
Enabled: yes |
| Windows |
Vulnerability Management |
Only checked when accessing High Risk services.
The results of this check are not displayed
in the Host Information Profile on an endpoint. |
|