This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Network Security
- GlobalProtect Discussions
- Who rated this post
Who rated this post
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-18-2020 04:22 AM
No I don't think this is possible as HIP info is collected and sent after the GW connection is established.
You could add a deny policy at the top of your ruleset to deny all from sslvpn zone if HIP is "Not" a match.
this would save you adding to all other policies but you will then need to move up any policies that you may have that would allow traffic with a no match (If you have any).
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks