Although you may have stringent security at your corporate network border, your network is really only as secure as the endpoints that are accessing it. With today’s workforce becoming more mobile and often requiring access to corporate resources from a variety of locations—airports, coffee shops, hotels—and from a variety of endpoints—both company-provisioned and personal—you must logically extend your network’s security to your endpoints to ensure comprehensive and consistent security enforcement. The GlobalProtect™ Host Information Profile (HIP) feature enables you to collect information about the security status of your endpoints—such as whether they have the latest security patches and antivirus definitions installed, whether they have disk encryption enabled, whether the endpoint is jailbroken or rooted, or whether it is running specific software you require within your organization—and base the decision as to whether to allow or deny access to a specific host based on adherence to the host policies you define.

The following sections provide information about the use of host information in policy enforcement: