Would GlobalProtect VPN be disconnected if HIP check failed?
How can GlobalProtect VPN connection be dropped if HIP Check Fails?
- GlobalProtect Agent any version.
- Any PAN-OS.
Once the Global Protect user gets connected, then the HIP match policy will be enforced. If it matches, then the user can access the resources. If the HIP policy does not match, then the user cannot get access to resources; but the HIP check will never disconnect a user from the GlobalProtect VPN. This is how Global Protect works with the HIP.
Please refer to the article below on how the HIP mechanism works.
How Does the HIP Mechanism Work in GlobalProtect?