Palo Alto Networks Knowledgebase: How to Restrict a Security Policy to Windows and MAC Machines Using GlobalProtect HIP Profiles

Created On 02/08/19 00:07 AM - Last Updated 02/08/19 00:07 AM
Resolution

Overview

This document describes how to configure HIP profiles that match only Windows and MAC GlobalProtect users, and then create a security policy that uses those profiles to restrict the users' access to internal/external resources.

Steps

  1. Create two separate HIP objects, one for Windows and one for MAC, each covering all versions of its operating system.


  2. Create a HIP profile and make sure that the OR operation is selected between the two HIP objects. The OR operation is important because a given workstation cannot be MAC and Windows at the same time when logging in through GlobalProtect, even if a Windows VM is running on a MAC or vice versa.
  3. Set up a HIP notification for non-authorized trespassers. This is configured under GlobalProtect Gateway > Client Configuration > HIP Notification.
  4. Create a security policy and apply the HIP profile to that security policy. The GP zone is the zone where the tunnel terminates.
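
The matching logic behind steps 2 and 4, as an added example that is not from the original article or from PAN-OS: a simplified Python model in which the object names, report fields and rule names are hypothetical. It shows that a profile joining the two OS objects with AND never matches any endpoint, so the HIP-restricted rule is skipped for everyone.

```python
# Simplified model of HIP matching; constructed for illustration, not PAN-OS code.
# Object names, report fields and rule names are hypothetical.

# Step 1: one HIP object per OS family, matching every version of that OS.
HIP_OBJECTS = {
    "windows-all": lambda report: report["os_family"] == "Windows",
    "mac-all": lambda report: report["os_family"] == "Mac",
}

def profile_matches(expr, report):
    """Evaluate a HIP profile: an object name, or (operator, operand, ...)."""
    if isinstance(expr, str):
        return HIP_OBJECTS[expr](report)
    op, *operands = expr
    results = [profile_matches(o, report) for o in operands]
    if op == "and":
        return all(results)
    if op == "or":
        return any(results)
    if op == "not" and len(results) == 1:
        return not results[0]
    raise ValueError(f"bad profile expression: {expr!r}")

PROFILE_OR = ("or", "windows-all", "mac-all")    # step 2 as written
PROFILE_AND = ("and", "windows-all", "mac-all")  # the mistake step 2 warns about

def first_match(profile, zone, report):
    """Step 4: top-down, first match wins; hip_profile None means no HIP condition."""
    rules = [
        {"name": "win-mac-only", "from_zone": "GP", "hip_profile": profile},
        {"name": "catch-all", "from_zone": "GP", "hip_profile": None},
    ]
    for rule in rules:
        hip = rule["hip_profile"]
        if rule["from_zone"] == zone and (hip is None or profile_matches(hip, report)):
            return rule["name"]
    return None

# Constructed host reports; each endpoint reports exactly one OS.
REPORTS = [
    {"user": "alice", "os_family": "Windows", "os_version": "10"},
    {"user": "bob", "os_family": "Mac", "os_version": "10.14"},  # Mac hosting a Windows VM
    {"user": "carol", "os_family": "Linux", "os_version": "18.04"},
]

def summary(profile):
    return {r["user"]: first_match(profile, "GP", r) for r in REPORTS}

if __name__ == "__main__":
    print("OR :", summary(PROFILE_OR))
    print("AND:", summary(PROFILE_AND))
```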

owner: kadak


