This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Network Security
- GlobalProtect Discussions
- Who rated this post
Who rated this post
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-18-2020 08:44 AM
OK I will try to keep it simple and us an OS as the example.
what we are trying to achieve is to allow all win10 devices access via the policies.
But we do not want to add this to all of the policies as there is hundreds of them.
so...
objects/hip object add name win10-check general/host info/OS contains msoft windows 10.
then..
objects/hip profiles add name not-win10 match add NOT win10-check
then..
policy add from sslvpn to private hip not-win10 any any any deny
i hope i got that correct as popping out...
so... if you only allow a certain level in, AV etc. then block those that do not meet the requirement with a NOT hip profile.
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks