GlobalProtect Host Information Profile (HIP)

 

The GlobalProtect VPN client reports basic inventory data called a Host Information Profile (HIP) to perform posture assessments for elevated network access. The data collected is limited to:

  • Device information, including operating system, MAC address, and serial number.
  • Device security settings, including disk encryption, firewall, and auto-update preferences.
  • Cortex XDR Application installation and version.
  • For access to High Risk network resources, device enrollment in SCCM/MECM or Jamf Pro, and Tenable Nessus vulnerability scanning agent installation and status.

 

Viewing an Endpoint's GlobalProtect HIP Report

  1. Click the GlobalProtect globe icon in the macOS menu bar or Windows system tray and select “Settings” from the hamburger menu (☰) at the top right of the status window.
    GlobalProtect client with the hamburger menu expanded and Settings option selected.
  2. In the GlobalProtect Settings window, click “Host Information Profile” in the sidebar. This displays the last time HIP data was collected and submitted to the VPN server. Expand the individual categories under Advanced Information to drill into the security posture data collected on the endpoint.
    macOS GlobalProtect Settings window with the Host Information Profile tab selected.
    Windows GlobalProtect Settings with the Host Information Profile tab selected.

 

Troubleshooting Host Information Profile Policy Failures

The GlobalProtect agent does not provide real-time feedback to users when a connection to a network resource is denied due to a HIP policy failure. Users can consult the chart below and their endpoint’s Host Information Profile to determine why a HIP policy failed. Instructions to remediate most of these issues can be found on the Personal Device Security service page.

If you can't identify the issue or resolve it yourself, open a support ticket.

 

| OS | Requirement | Advanced Information | Passing Value |
|---|---|---|---|
| macOS | Minimum OS | host-info > os | Supported and Patched macOS Version |
| macOS | Antivirus | anti-malware > list > entry > ProductInfo > Cortex XDR | real-time-protection > yes |
| macOS | Firewall | firewall > list > entry > ProductInfo > Mac OS X Builtin Firewall | is-enabled > yes |
| macOS | Disk Encryption | disk-encryption > list > entry > ProductInfo > FileVault | for internal hard drive (e.g. "Macintosh HD"): drives > entry > enc-state > encrypted |
| macOS | Endpoint Management | Only checked when accessing High Risk services. patch-management > list > entry > ProductInfo > Casper Suite | is-enabled > yes |
| macOS | Vulnerability Management | Only checked when accessing High Risk services. The results of this check are not displayed in the Host Information Profile on an endpoint. | |
| Windows | Minimum OS | host-info > os | Supported and Patched Windows Version |
| Windows | Antivirus | anti-malware > Cortex XDR | Real Time Protection: yes |
| Windows | Firewall | firewall > Windows Firewall | Enabled: yes |
| Windows | Disk Encryption | disk-encryption > BitLocker Drive Encryption | Location: C:\ ; Encryption State: encrypted |
| Windows | Endpoint Management | Only checked when accessing High Risk services. patch-management > System Center Configuration Manager | Enabled: yes |
| Windows | Vulnerability Management | Only checked when accessing High Risk services. The results of this check are not displayed in the Host Information Profile on an endpoint. | |
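
The macOS rows of the chart can also be checked mechanically. The following is an added example, not code from GlobalProtect or from this page; it evaluates a constructed XML report whose element layout (including the Prod name attribute) is an assumption modelled on the chart's Advanced Information paths.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real GlobalProtect export. The element layout
# (including the Prod name attribute) is an assumption modelled on the chart.
SAMPLE_HIP = """<hip-report><categories>
  <entry name="anti-malware"><list><entry><ProductInfo>
    <Prod name="Cortex XDR"/>
    <real-time-protection>yes</real-time-protection>
  </ProductInfo></entry></list></entry>
  <entry name="firewall"><list><entry><ProductInfo>
    <Prod name="Mac OS X Builtin Firewall"/>
    <is-enabled>no</is-enabled>
  </ProductInfo></entry></list></entry>
  <entry name="disk-encryption"><list><entry><ProductInfo>
    <Prod name="FileVault"/>
    <drives><entry>
      <drive-name>Macintosh HD</drive-name><enc-state>encrypted</enc-state>
    </entry></drives>
  </ProductInfo></entry></list></entry>
</categories></hip-report>"""

# (requirement, category, product, path under ProductInfo, passing value)
MACOS_RULES = [
    ("Antivirus", "anti-malware", "Cortex XDR", "real-time-protection", "yes"),
    ("Firewall", "firewall", "Mac OS X Builtin Firewall", "is-enabled", "yes"),
    ("Disk Encryption", "disk-encryption", "FileVault",
     "drives/entry[drive-name='Macintosh HD']/enc-state", "encrypted"),
    ("Endpoint Management", "patch-management", "Casper Suite", "is-enabled", "yes"),
]

def evaluate(xml_text, rules=MACOS_RULES, high_risk=False):
    """Return {requirement: None if passing, else a short failure reason}."""
    root = ET.fromstring(xml_text)
    results = {}
    for req, category, product, path, want in rules:
        if req == "Endpoint Management" and not high_risk:
            continue  # the chart checks this only for High Risk services
        query = f"./categories/entry[@name='{category}']/list/entry/ProductInfo"
        info = next((pi for pi in root.findall(query)
                     if pi.find("Prod") is not None
                     and pi.find("Prod").get("name") == product), None)
        if info is None:
            results[req] = f"{product} not reported"
            continue
        got = info.findtext(path)
        results[req] = None if got == want else f"{path} is {got!r}, expected {want!r}"
    return results

if __name__ == "__main__":
    for req, reason in evaluate(SAMPLE_HIP, high_risk=True).items():
        print(f"{req}: {'PASS' if reason is None else 'FAIL (' + reason + ')'}")
```

The Minimum OS and Vulnerability Management rows are left out because the chart gives no value that can be compared on the endpoint.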