How to configure HIP objects/profiles with the correct security policy?

How to configure HIP objects/profiles with the correct security policy?

4884
Created On 04/20/23 02:24 AM - Last Modified 05/16/25 20:53 PM


Objective


To configure  HIP objects/profiles with the correct security policy.

Environment


  • Palo Alto Firewall
  • GlobalProtect Gateway
  • HIP Object/profile
  • Antivirus

Procedure


The procedure is explained using an example for carbon Black software, one can use this article for other antivirus vendors.

  1. Create Object for any OS device with install antivirus software.

Screenshot 2023-04-19 at 7.13.36 PM.png

Screenshot 2023-04-19 at 7.13.26 PM.png

  • The same HIP object  can also be configured with MACOS devices:

Screenshot 2023-04-19 at 7.15.10 PM.png

Screenshot 2023-04-19 at 7.15.57 PM.png

  1. Create the hip profile for install the Antivirus (Make sure choose the OR ) 

Screenshot 2023-04-19 at 7.03.39 PM.png

  1. Create the HIP profile for not installing the Antivirus: ( make sure choose the OR with NOT ) 

Screenshot 2023-04-19 at 7.03.47 PM.png

  1. Create 2 security policy for matching/allow ( install ) and not matching/deny ( not install ) the hip profile :

Screenshot 2023-04-19 at 7.07.18 PM.png

  1. Create the hip notification for NOT matching hip profile under Gateway > Agent> hip notification

    Screenshot 2023-04-19 at 7.05.10 PM.png
  2. Commit the changes.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kHicCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language