HIP Object Host OS Check for Android and Apple iOS Failing Due to Version Mismatch

HIP Object Host OS Check for Android and Apple iOS Failing Due to Version Mismatch

19384
Created On 01/15/21 21:57 PM - Last Modified 07/30/25 16:52 PM


Symptom


The default version fields for Google Android and Apple iOS Host Info OS check contains a trailing ".0" which doesn't map correctly in the HIP report

Environment


  • Palo Alto Firewall
  • PAN-OS 8.1 and above.
  • HIP Object configuration.

Cause


  •   PAN-OS includes a trailing ".0" for operating system (OS) versions by default for the HIP Host OS check: eg, Apple iOS 14.0
Snapshot displaying the HIP Object dialog box within PAN-OS

Resolution


To have the HIP report properly match what the device is sending, you can manually create the proper OS object in PAN-OS by completing the following steps:

  1.  Navigate to Objects > GlobalProtect > HIP Objects > Select Add at the bottom of the window pane
  2.  Name the object and use a description that's able to assist you later during troubleshooting (optional)
  3.  Select the checkbox to enable the Host Info section and choose the proper OS parameters including the vendor
Note: In our example we'll be using Apple iOS 14
  1.  Rather than selecting a pre-populated option from the dropdown menu, we can type the OS version without the trailing 0 as shown below:
Snapshot displaying the HIP Object Dialog Box within PAN-OS
 
  1.  Select OK and then commit the configuration
 

Additional Information


For additional information regarding HIP and its features, Refer to Configure HIP-Based Policy Enforcement
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCO6CAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language