I recently worked an issue where a user wanted HIP alerts displayed for users if they are missing iOS, Apple or Windows patch updates. There is sometimes some confusion with regard to the match / not match messages, and there is a known issue with HIP checks on Macs. The document below hopefully clears some of this up, and I have generated a workaround for the MacBook check.
Alert users of iOS, MacBook & Windows devices if they are not on the latest patch of Windows updates or Apple software.
Known issue with the missing patches HIP check on a Mac.
77018 Global Protect agent fails to report missing patches on devices running on Mac OS.
Workaround: specify the latest version of the OS, manually type in the missing number if applicable, and check for this.
I got the desired results following the below set of details/guidelines and have gathered screenshots as I went.
The first thing is to create HIP objects to check. I created one for the device explicitly and one to see if it has all patches installed [Windows], is on the latest release of iOS [iPhone] & is on the latest release [10.11.3] on the MacBook.
I found that MacBook OS 10.11.3 was not on the list below originally. I then selected version 10.11 and added the .3, and the PAN device accepted this. Due to the known issue, instead of checking for missing patches the conventional way, I checked the OS release of the MacBook, which is effectively the patches / security fixes Apple rolls out, whereas Windows patches are slightly different.
I set up the three conditions as below, then created a fourth condition that asks if any of the three checks above are true.
We put this "if any is true" condition into the alert on the Gateway. Again, this will alert if an iOS, MacBook or Windows device doesn’t have the latest release of code or latest Windows updates, respectively.
I verified with testing; you have to adjust the match / not match statements to match.
You just need to have the one HIP alert that checks if any device is missing the updates (link below).
Matched message – a device has connected that is an iOS, Mac or Windows device that does not have the latest code or all the security patches.
Not matched message is null and not enabled.
The above will alert users if they connect on an iOS device, Windows device or MacBook that is not on the latest patch. The workaround is only valid as long as the latest Mac OS is 10.11.3.
Hope this helps.