Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Would GlobalProtect VPN be disconnected if HIP check failed? - Knowledge Base - Palo Alto Networks

Would GlobalProtect VPN be disconnected if HIP check failed?

15822
Created On 10/28/20 16:42 PM - Last Modified 11/30/20 22:27 PM


Question


How can GlobalProtect VPN connection be dropped if HIP Check Fails?
 


Environment


  • GlobalProtect Agent any version.
  • Any PAN-OS.


Answer


Once the Global Protect user gets connected, then the HIP match policy will be enforced. If it matches, then the user can access the resources. If the HIP policy does not match, then the user cannot get access to resources; but the HIP check will never disconnect a user from the GlobalProtect VPN. This is how Global Protect works with the HIP.

Please refer to the article below on how the HIP mechanism works.

How Does the HIP Mechanism Work in GlobalProtect?


 



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBMYCA4&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language