HIP profile evaluation failures after removal of custom HIP check object

HIP profile evaluation failures after removal of custom HIP check object

203
Created On 06/24/25 13:48 PM - Last Modified 11/12/25 22:40 PM


Symptom


Unexpected loss of resource access after a custom HIP object is deleted

 

Environment


  • Global Protect where a "Custom Check" is currently configured under Network-GlobalProtect-Portals-Agent Configuration-HIP Data Collection-Custom Check   for any OS.  

Cause


The gateway cannot evaluate the client's custom HIP check information against an object so the gateway's entire HIP evaluation task will fail.   The HIP evaluation failure can cause endpoints that would otherwise be allowed to access resources to fail their associated HIP profile checks.   

Resolution


  1. Remove the custom check associated with the HIP object from the Global Protect configuration. 
    1. In the firewall or in the Panorama Template,  go to Network-GlobalProtect-Portals-Agent-HIP Data Collection-Custom Checks and delete the custom check that was associated with the HIP object. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fxkjKAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail