We have configured the internal GlobalProtect gateway and have the requirement that only users connected to the internal/external GP gateway can access the intranet/internet resources, and traffic from users without GP connectivity should be blocked by the PA.
Now everything is working fine except in the scenario below, where a user has deleted the GP agent but is still going through the same HIP profile policy. (HIP data in the DB is not getting deleted; everything is in cache.)
HIP-based policy is configured properly in the PA (to check whether the phone is Android/iOS/Windows).
All the GP agents are sharing the HIP data at the time of connectivity and matching the HIP-based policies properly.
The problem now is that HIP data collected during the first time joining is kept in the PA HIP database for a long time, and if the same user disconnects GP and browses without a GP connection, the same HIP policy is triggered (by using the data in the HIP DB collected during the first GP login).
Is there any possibility that the HIP DB cache can be cleared frequently, so that a user cannot delete the agent and join the network again without the GP agent?
Is there any other possibility to resolve this issue?