topic GP HIP Profile Applied to Security Policy with Multiple Zones in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-hip-profile-applied-to-security-policy-with-multiple-zones/m-p/581365#M5172 <P>Hi everyone!&nbsp;</P> <P>&nbsp;</P> <P>First LIVE post, hoping to learn about how HIP profiles function when applied to security policies.&nbsp;</P> <P>&nbsp;</P> <P>I have a zone created for my Global Protect VPN users, I want to apply a HIP Profile that checks if the computer is domain joined and denies access to the gateway if the check fails. My understanding is that the HIP profile needs to be applied to a security policy. Adding it to my GP zone is not an issue however, I have security policies that preceded the GP zone that have “any” zone set as the source, meaning if a VPN user matches it is allowed to certain destinations. What happens if I apply the HIP profile with a security policy that has “any” as the source zone? Will it only deny traffic for Global Protect users who have HIP collection or will this also effect other endpoints coming from different zones?&nbsp;</P> Fri, 22 Mar 2024 15:53:12 GMT EvanSotcheff 2024-03-22T15:53:12Z GP HIP Profile Applied to Security Policy with Multiple Zones https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-hip-profile-applied-to-security-policy-with-multiple-zones/m-p/581365#M5172 <P>Hi everyone!&nbsp;</P> <P>&nbsp;</P> <P>First LIVE post, hoping to learn about how HIP profiles function when applied to security policies.&nbsp;</P> <P>&nbsp;</P> <P>I have a zone created for my Global Protect VPN users, I want to apply a HIP Profile that checks if the computer is domain joined and denies access to the gateway if the check fails. My understanding is that the HIP profile needs to be applied to a security policy. Adding it to my GP zone is not an issue however, I have security policies that preceded the GP zone that have “any” zone set as the source, meaning if a VPN user matches it is allowed to certain destinations. What happens if I apply the HIP profile with a security policy that has “any” as the source zone? Will it only deny traffic for Global Protect users who have HIP collection or will this also effect other endpoints coming from different zones?&nbsp;</P> Fri, 22 Mar 2024 15:53:12 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/gp-hip-profile-applied-to-security-policy-with-multiple-zones/m-p/581365#M5172 EvanSotcheff 2024-03-22T15:53:12Z