Enforcement Options for Precise Control
A variety of enforcement options can be applied to session traffic that matches any combination of classification (e.g., applications, users or groups, individual application functions). Beyond simple allow and deny policies, other options include: threat scanning (A/V, IPS), decrypt and inspect, selectively allow individual application functions (including file transfer by file type), and allow per schedule.
Required posture for endpoint devices (including mobile) can be enforced through host information profiles for GlobalProtect™-enabled clients. In addition to security and appropriate-use controls, traffic shaping through QoS is also available, enabling you to prioritize applications in your environment.