Has anyone effectively used HIP to deny login to Prisma Access? One of the biggest challenges we had with AnyConnect (and a large reason we are moving away) is that there were no native methods for controlling which device a user was connecting with.
I have built a Security Pre-Rule that references the Domain-joined HIP Policy, and I can see the matches in our monitor tab. I would like to deny logon to anyone who does not satisfy this rule EXCEPT those who are members of a specific Active Directory user group.
I figure the rules would look something like this:
1) HIP Match on domain = allowed to connect to Portal URL
2) Match on security group membership = allowed to connect to Portal URL
3) Deny all connections to Portal URL.
Can anyone confirm that this would be effective?
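To make the rule ordering in the question concrete, the following added example (not part of the original thread, and not Palo Alto's own code) simulates first-match evaluation of the three proposed Security rules over constructed GlobalProtect sessions. Rule names, the HIP profile name "Domain-Joined", and the exception group DN are assumptions chosen for illustration. The example also includes a shadowing check, since a catch-all deny placed above the two allow rules would silently match every session. One caveat to keep in mind: HIP profiles referenced in Security policy are evaluated against the HIP report the endpoint submits after the GlobalProtect session is established, so these rules govern what an already-connected session may reach, rather than whether the user's authentication to the portal or gateway succeeds.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumed names used throughout this constructed example.
HIP_DOMAIN_JOINED = "Domain-Joined"
EXCEPTION_GROUP = "CN=GP-Exception,OU=Groups,DC=corp,DC=example"  # hypothetical AD group


@dataclass(frozen=True)
class Session:
    """A GlobalProtect session as the policy engine sees it."""
    user: str
    groups: FrozenSet[str]        # AD groups the user belongs to (User-ID group mapping)
    hip_matches: FrozenSet[str]   # HIP profiles the endpoint's HIP report satisfied


@dataclass(frozen=True)
class Rule:
    """A Security rule reduced to the two match criteria relevant here."""
    name: str
    action: str                          # "allow" or "deny"
    hip_profile: Optional[str] = None    # required HIP profile match, if any
    source_group: Optional[str] = None   # required source-user group, if any

    def matches(self, s: Session) -> bool:
        if self.hip_profile is not None and self.hip_profile not in s.hip_matches:
            return False
        if self.source_group is not None and self.source_group not in s.groups:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if this rule matches every session the other rule would match."""
        hip_ok = self.hip_profile is None or self.hip_profile == other.hip_profile
        grp_ok = self.source_group is None or self.source_group == other.source_group
        return hip_ok and grp_ok


# The three rules from the question, top to bottom (assumed rule names).
RULEBASE: List[Rule] = [
    Rule("01-allow-domain-joined", "allow", hip_profile=HIP_DOMAIN_JOINED),
    Rule("02-allow-exception-group", "allow", source_group=EXCEPTION_GROUP),
    Rule("03-deny-everything-else", "deny"),
]


def evaluate(rulebase: List[Rule], session: Session) -> Tuple[str, str]:
    """First-match evaluation: returns (action, matching rule name)."""
    for rule in rulebase:
        if rule.matches(session):
            return rule.action, rule.name
    return "deny", "implicit-deny"  # nothing matched: interzone default


def find_shadowed(rulebase: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, later in enumerate(rulebase):
        if any(earlier.covers(later) for earlier in rulebase[:i]):
            shadowed.append(later.name)
    return shadowed


# Constructed sample sessions.
CORP_LAPTOP = Session("alice", frozenset(), frozenset({HIP_DOMAIN_JOINED}))
BYOD_EXCEPTION = Session("bob", frozenset({EXCEPTION_GROUP}), frozenset())
BYOD_NO_EXCEPTION = Session("carol", frozenset(), frozenset())


def run_samples(rulebase: List[Rule] = RULEBASE) -> dict:
    """Evaluate each sample session; returns {user: (action, rule)}."""
    return {s.user: evaluate(rulebase, s)
            for s in (CORP_LAPTOP, BYOD_EXCEPTION, BYOD_NO_EXCEPTION)}


if __name__ == "__main__":
    for user, (action, rule) in run_samples().items():
        print(f"{user:>6}: {action:<5} via {rule}")
    # Putting the catch-all deny first shadows both allow rules.
    misordered = [RULEBASE[2], RULEBASE[0], RULEBASE[1]]
    print("shadowed when deny is on top:", find_shadowed(misordered))
```

Running the module prints the decision for a domain-joined device with no group membership (allowed by rule 1), a personal device owned by an exception-group member (allowed by rule 2), and a personal device with no exception (denied by rule 3), then shows that moving the deny rule to the top leaves the two allow rules unreachable.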
Have you checked the article below?
For using HIP in the security policy: