About lrangra

We opened a case with TAC and the findings were:   Problem 1: when the GP app running in Android container on a Chromebook managed by google admin console, my firewall sees a new serial I'd everytime it connects to firewall in Hip match logs even the host id is different.  How can we make sure we use the unique mobile I'd to enforce the whitelist approach in Hip objects? Answer: Since the mode of deployment is kiosk mode for chromebook after reboot, a new container version will be created everytime. thus new serial number and host id. only the options given under Hip Object> General can be used. changing the mode to App mode at Google admin console will help. mobile id can only be used when we integrate with MDM.   Problem 2: will this setup require a third-party MDM integration to enforce hip or can palo alto detect this without third party MDM integration. (Palo Alto only supports airwatch MDM integration) if we want mdm then we have to use airwatch.  Problem 3: as per the 3rd party MDM compatibility matrix we only support Global-protect app deployment for andorid on a managed Chromebook using Google admin console. Will we be able to identify Chromebook based on mobile I'd? https://docs.paloaltonetworks.com/compatibility-matrix/globalprotect/what-features-do-third-party-mo... No we will not be able to. as the documents says only thing which is support is Global-protect app deployment.   Problem 4: this below URL says we can enforce mobile I'd on a android running on managed Chromebook in step 5. However we are not able to and this contradicted above Matrix. https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/mobile-endpoint-management/s... Mobile id is only applicable when we have a MDM. currently only airwatch is supported.   ... View more