Q: I'm using a PA-3020; is there any default data collection gathered with the GlobalProtect VPN client/agents, or do you have to provide custom registry keys to scan for Windows?
And where can you actually find the information being gathered?
Sorry, well one example would be if I wanted to block a user from VPN. It says to go to Monitor > Logs > HIP Match and get a HostID.
But this log section is all empty.
When I go to Network > GlobalProtect > Portals, open the portal and look at Agent > config > Data Collection there is a checkbox on "Collect HIP Data" checked.
So I'm not sure where the "Collect HIP Data" stuff is going, or what I can even really do with it beyond blocking a VPN client. Perhaps I want to only allow VPN with up to date AntiVirus. I'm guessing this HIP data comes into play on that as well? But I'm not seeing the connections (in the context of documentation) on how.
you will need to add HIP objects or/and HIP profiles under Objects-GlobalProtect.
you will need the additional gateway license to use these in a policy but not sure if you need that just to see them under the Monitor-HIP Match.
Can you check if you've already activated your license? Please go through this link: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/activate-licenses-and-subs...
If you have your VPN users in a different zone, you can also use User-ID to block the users you dont want to VPN in. They can connect but cant go anywhere.
Just a thought.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!