bSecure Globalprotect Remote Access and Privacy

A knowledge base article about bSecure Globalprotect Remote Access and Privacy provided by the UC Berkeley IT Service Hub - Knowledge Portal

The University of California, Berkeley is committed to protecting privacy to the extent possible.

The remote access system does not log user activities.

Under normal use the bSecure remote access client GlobalProtect gathers and sends a small set of information about the computer connecting using the service. It reports the information when a user tells it to connect, not when unused and idle.

CalNet ID used to connect (not the username on the computer)
The version of GlobalProtect
Basic host information
- OS and Vendor
- Device Name and domain (if applicable)
- Network interface information
- What software update tool is enabled (if any)
- What firewall software is enabled (if any)
- What disk encryption software is enabled (if any)
Whether or not you are using antivirus and what product
Whether or not you are using anti-spyware and what product
Whether or not you are using disk encryption and what product

The information can be viewed in the Host Profile tab of the settings window within GlobalProtect.

No other information about the computer is shared. The system does not look at applications installed or running, it does not examine the contents of your storage devices.

Exceptions:

Restricted VPN
The restricted VPN service is provided at request only for applications/services requiring additional security measures. Users of the special use Restricted VPN undergo a compliance validation when the restricted gateway is connected. This compliance validation is called a HIP check (Host Information in Policy) and can include information in addition to what is listed above. This information is used to verify whether or not the computer is in compliance with UC Berkeley policy before it is authorized to connect through the restricted gateway.

Troubleshooting
During troubleshooting you may be asked to submit logs from the GlobalProtect client. The archive created by the client includes detailed information about system software libraries, host firewall settings, and communications related to the GlobalProtect client and it's communication with the bSecure service. It may contain additional information if the user has accessed the restricted VPN service (see above)..