Leveraging Host Information Profile (HIP)

You may have configured the strictest rules on your corporate network border. If you allow insecure hosts on your network, then you might as well just throw your firewall in the trash. Your network is only as secure as the endpoints you allow onto it.

In this age where a hybrid workforce is becoming the new normal — and employees are working remotely from their home offices, hotels, airports, gas stations, etc. — they still need to connect to corporate resources, both from company-provisioned and personal devices. It only makes sense to extend your network’s security to your endpoints to ensure security enforcement. If you fail to do so , you risk allowing compromised/vulnerable hosts onto your network.

What is Host Information Profile (HIP)?

The Host Information Profile (HIP) feature allows you to collect information about the security status of your endpoints, and the decision is based on whether to allow or deny access to a specific host based on adherence to the host policies you define.

How does HIP work exactly?

The GlobalProtect app collects information about the host it's running on. The app then submits this host information to the GlobalProtect gateway upon successful connection. The gateway matches this raw host information submitted by the app against any HIP objects and the HIP profiles that you have defined. If it finds a match, it generates an entry in the HIP match log. Additionally, if it finds a HIP profile match in a policy rule, it enforces the corresponding security policy.

This enables granular security that ensures the remote hosts accessing your network resources are adequately maintained and adhere with your security standards before they are allowed access. For instance, you could enforce that endpoints have a minimum version of anti-virus software installed before they are allowed access to your resources. 

HIP objects and HIP profiles

You define which host attributes you are interested in monitoring and/or using for policy enforcement by creating HIP objects and HIP profiles on the gateway(s).

• The HIP Objects is the criteria used to filter out the host information you are interested in using to enforce policy from the raw data reported by the app: Objects > GlobalProtect > HIP Objects

• A HIP Profile is a collection of HIP objects that are evaluated together, either for monitoring or for security policy enforcement: Objects > GlobalProtect > HIP Profiles

For more details on the actual information that's being gathered, check out the following TechDocs article: What Data Does the GlobalProtect App Collect? 

To use the HIP feature, you must have a GlobalProtect subscription license on each gateway that will perform HIP checks. 

For more information on licensing, see this TechDocs article: About GlobalProtect Licenses.

If you need some help configuring your HIP-Based Policy Enforcement, check out the step-by-step instructions on this TechDocs article: Configure HIP-Based Policy Enforcement.

Also check out:

• GlobalProtect Technologies Page
• How Does the Gateway Use the Host Information to Enforce Policy?
• How Do Users Know if Their Systems are Compliant?
• How Do I Get Visibility into the State of the Endpoints?
• HIP Configuration for Patch Management 
• How to Troubleshoot HIP Data 
• How to Troubleshoot HIP Match Issues 

Feel free to share your questions, comments and ideas in the section below.

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

Stay secure!

Kiwi out