Hi all, I have a PA-3020 that is configured for GlobalProtect. All is good as far as being able to connect to the VPN, but once I am connected I find that I'm having issues connecting to servers that are permitted in security policy, but have the HIP Profile attached. If I remove the HIP profile the traffic flows as expected. The HIP profile is very basic at this time - it's just checking to determine whether the users laptop is configured with the proper domain. When I browse to Monitor > HIP Match I'm seeing that my machine is matching the "GlobalProtect Authorized Users" profile, but whenever the HIP policy is attached to the security policy I can't get to the server(s) - the traffic log shows that the traffic was denied. Remove the HIP check, commit, and re-connect and I'm able to get to the server(s) using the same rule, just minus the HIP check. I have the same basic setup on another set of firewalls at our HQ and it's working without an issue. Can anybody give me any tips on how to troubleshoot this? I wish the HIP logs gave a bit more information. The firewall with the issue is running 8.1.13, with GlobalProtect 5.1.1. Thanks!
... View more