Would GlobalProtect VPN be disconnected if HIP check failed?

Would GlobalProtect VPN be disconnected if HIP check failed?

12455
Created On 10/28/20 16:42 PM - Last Modified 11/30/20 22:27 PM


Question


How can GlobalProtect VPN connection be dropped if HIP Check Fails?
 

Environment


  • GlobalProtect Agent any version.
  • Any PAN-OS.

Answer


Once the Global Protect user gets connected, then the HIP match policy will be enforced. If it matches, then the user can access the resources. If the HIP policy does not match, then the user cannot get access to resources; but the HIP check will never disconnect a user from the GlobalProtect VPN. This is how Global Protect works with the HIP.

Please refer to the article below on how the HIP mechanism works.

How Does the HIP Mechanism Work in GlobalProtect?


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBMYCA4&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language