Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- 5G/IoT
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma Access Insights
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- Collaboration
- ›
- Discussions
- ›
- GlobalProtect Discussions
- ›
- Who rated this post
Who rated this post
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Who rated this post
12-18-2020
04:22 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-18-2020
04:22 AM
No I don't think this is possible as HIP info is collected and sent after the GW connection is established.
You could add a deny policy at the top of your ruleset to deny all from sslvpn zone if HIP is "Not" a match.
this would save you adding to all other policies but you will then need to move up any policies that you may have that would allow traffic with a no match (If you have any).
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
