How to Restrict a Security Policy to Windows and Mac Machines Using GlobalProtect HIP Profiles
Created On 09/25/18 17:51 PM - Last Updated 02/08/19 00:07 AM
This document describes how to configure HIP profiles for Windows and Mac GlobalProtect users only and then create a security policy to restrict them from using internal/external resources.
- Create two separate HIP objects, one for Windows and one for Mac, each covering all of its respective versions.
- Create a HIP profile and make sure that the OR operation is selected for both HIP objects. The OR operation is important because one particular workstation cannot be Mac and Windows at the same time when logging in through GlobalProtect, even if a Windows VM is running on a Mac or vice versa.
- Set up a HIP notification for non-authorized trespassers. This is configured under GlobalProtect Gateway > Client Configuration > HIP Notification.
- Create a security policy and apply the HIP profile to that security policy. The GP zone is the zone where the tunnel terminates.
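The following is an added example, not part of the original article and not Palo Alto Networks code: a small offline checker that evaluates a HIP profile match expression against every OS a host could report, to show why the two objects must be joined with OR and which endpoints fall outside the profile. The object names `Windows-All` and `Mac-All`, the OS vendor list, and the quoted-name `and`/`or`/`not` expression syntax are assumptions made for this model.

```python
import re

# Constructed HIP objects: name -> OS vendor the object matches (all versions).
HIP_OBJECTS = {"Windows-All": "Microsoft", "Mac-All": "Apple"}
# A host reports exactly one OS vendor in its HIP report (constructed list).
HOST_OS = ["Microsoft", "Apple", "Linux", "Google"]
TOKEN = re.compile(r'\s*(?:"([^"]+)"|(and|or|not|\(|\)))', re.I)

def tokenize(expr):
    if not re.fullmatch(rf"(?:{TOKEN.pattern})*\s*", expr, re.I):
        raise ValueError("bad token in expression")
    return [("obj", o) if o else ("op", k.lower()) for o, k in TOKEN.findall(expr)]

def evaluate(expr, host_os):
    # True if a host reporting host_os satisfies the profile match expression.
    toks, i = tokenize(expr), 0
    def take(expected=None):
        nonlocal i
        if i >= len(toks) or (expected and toks[i] != ("op", expected)):
            raise ValueError(f"expected {expected or 'operand'} at token {i}")
        i += 1
        return toks[i - 1]
    def atom():
        kind, val = take()
        if kind == "obj":
            return HIP_OBJECTS[val] == host_os
        if val == "not":
            return not atom()
        if val == "(":
            res = chain("or")
            take(")")
            return res
        raise ValueError(f"unexpected {val!r}")
    def chain(op):  # "or" binds loosest, then "and", then atoms
        sub = (lambda: chain("and")) if op == "or" else atom
        res = sub()
        while i < len(toks) and toks[i] == ("op", op):
            take()
            rhs = sub()  # parse the right side before combining
            res = (res or rhs) if op == "or" else (res and rhs)
        return res
    result = chain("or")
    if i != len(toks):
        raise ValueError("trailing tokens in expression")
    return result

def matching_os(expr):
    # OS vendors that can ever match; an empty list means a dead profile.
    return [os_name for os_name in HOST_OS if evaluate(expr, os_name)]
```

With AND, `matching_os` returns an empty list, so a security policy using that profile would never match any GlobalProtect user.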