How to Restrict a Security Policy to Windows and Mac Machines Using GlobalProtect HIP Profiles

Created On 09/25/18 17:51 PM - Last Modified 06/06/23 02:51 AM


Resolution


Overview

This document describes how to configure HIP profiles that match only Windows and Mac GlobalProtect users, and then create a security policy to restrict them from using internal/external resources.

Steps

  1. Create two separate HIP objects, one for Windows and one for Mac, each covering all of its respective versions.
  2. Create a HIP profile and make sure that the OR operation is selected to join the two HIP objects. The OR operation is important because one particular workstation cannot be Mac and Windows at the same time when logging in through GlobalProtect, even if a Windows VM is running on a Mac or vice versa.
  3. Set up a HIP notification for non-authorized trespassers. This is configured under GlobalProtect Gateway > Client Configuration > HIP Notification.
  4. Create a security policy and apply the HIP profile to that security policy. The GP zone is the zone on which the tunnel terminates.
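
The following is an added example, not part of the original article: a Python check over an exported configuration that flags a HIP profile joining OS objects with AND (step 2) and allow rules from the GP zone that carry no HIP profile (step 4). The XML element names, the object, profile and rule names, and the sample configuration are assumptions constructed for illustration, and match expressions are assumed to have no parentheses.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; element names (incl. 'source-hip') are assumed PAN-OS XML.
SAMPLE = """<entry name="vsys1"><profiles><hip-objects>
 <entry name="Windows-All"><host-info><criteria><os><contains>
  <Microsoft>All</Microsoft></contains></os></criteria></host-info></entry>
 <entry name="Mac-All"><host-info><criteria><os><contains>
  <Apple>All</Apple></contains></os></criteria></host-info></entry>
</hip-objects><hip-profiles>
 <entry name="Win-or-Mac"><match>"Windows-All" or "Mac-All"</match></entry>
 <entry name="Win-and-Mac"><match>"Windows-All" and "Mac-All"</match></entry>
</hip-profiles></profiles><rulebase><security><rules>
 <entry name="gp-internal"><from><member>GP</member></from><action>allow</action>
  <hip-profiles><member>Win-or-Mac</member></hip-profiles></entry>
 <entry name="gp-internet"><from><member>GP</member></from><action>allow</action>
  <hip-profiles><member>any</member></hip-profiles></entry>
</rules></security></rulebase></entry>"""

def unmatchable_profiles(root):
    """HIP profiles that AND together OS objects of different vendors."""
    vendor = {o.get("name"): v.tag for o in root.findall(".//hip-objects/entry")
              if (v := o.find("host-info/criteria/os/contains/*")) is not None}
    bad = []
    for p in root.findall(".//profiles/hip-profiles/entry"):
        clauses, prev = [set()], ""
        for tok in re.findall(r'"[^"]*"|\w+', p.findtext("match", "")):
            if tok.lower() == "or":  # OR starts a new alternative
                clauses.append(set())
            elif tok.strip('"') in vendor and prev.lower() != "not":
                clauses[-1].add(vendor[tok.strip('"')])
            prev = tok
        if any(len(c) > 1 for c in clauses):  # one host cannot report two OS vendors
            bad.append(p.get("name"))
    return bad

def allow_rules_without_hip(root, zone):
    """Yield allow rules sourced from `zone` that carry no HIP profile."""
    for r in root.findall(".//rulebase/security/rules/entry"):
        zones = {m.text for m in r.findall("from/member")}
        hips = {m.text for t in ("hip-profiles", "source-hip")
                for m in r.findall(f"{t}/member")}
        if (r.findtext("action") == "allow" and zones & {zone, "any"}
                and (not hips or "any" in hips)):
            yield r.get("name")

if __name__ == "__main__":
    cfg = ET.fromstring(SAMPLE)
    print(unmatchable_profiles(cfg), list(allow_rules_without_hip(cfg, "GP")))
```
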

 

owner: kadak


