The GlobalProtect Remote Access VPN agent analyzes the security posture of the computer through a process called HIP (Host Information Profile) checks.  The HIP checks run automatically in the background and report to the VPN server for evaluation.

Penn State has implemented two levels of VPN HIP requirements:

1. A minimum Standard Requirement and
2. A minimum Enclave Requirement.

If the HIP report determines that the computer does not meet all of the Standard Requirements then access to Penn State resources and the Internet will be blocked while the GlobalProtect VPN agent is connected. For each requirement not met, a HIP notification window will pop-up on the computer indicating that connectivity will be blocked and the reason why.

In addition to Standard Requirements, Enclave Requirements must be met to access enclaves.

For more information about GlobalProtect, and a list of related articles, see KB0013431, GlobalProtect Remote Access VPN - Overview.

Note to authors: Formatting for this article is partially defined/set in a <style> element in the HTML of the main section. (This note is automatically hidden when published [but portions may still appear in search results].)

Standard Requirements

Systems must meet all three of the following requirements to use the GlobalProtect VPN.  Failure to meet any of these minimum requirements will result in no access to Penn State resources and the Internet while the GlobalProtect VPN agent is connected.

• Operating System Versions Supported (See KB article KB0013898 for specific details of this requirement)
• Agent Versions Supported (See KB article KB0013671 for specific details of this requirement)
• Anti-virus Minimum Requirements (See KB article KB0013451 for specific details of this requirement)

Enclave Requirements

These requirements are necessary only if enclave access is required. Standard Requirements are required in addition to Enclave Requirements to be able to access Enclave resources.  If you receive a HIP notification blocking access or have questions on any of these enclave requirements, please contact your local IT support administrator first.    

• Host Firewall installed and enabled
• Microsoft Defender Advanced Threat Protection (ATP) anti-virus agent:
  
  • must be installed
  • RTP enabled
  • antivirus definitions must be less than 30 days old
• Nessus agent must be installed and running
• Splunk agent must be installed and running

Resubmit Host Profile

HIP reports are automatically submitted by the GlobalProtect agent at regular intervals.  However,  if a GlobalProtect connected host had access blocked due to a failed HIP report then was remediated, the access will remain blocked until the next HIP report is generated.  If the GlobalProtect user does not wish to wait for the next automated HIP report interval, manually submitting the HIP report is possible. 

See KB article KB0013921 for specific steps on how to resubmit the Host Profile.

To Get Help

If you have questions or experience any difficulties, use any of the following methods to contact the IT Service Desk for help:

• Visit the IT Help Portal
• Call us at 814-865-HELP (4357)
• Email us at ITservicedesk@psu.edu