Block Endpoint Access
Focus
Focus
GlobalProtect

Block Endpoint Access

Table of Contents

Block Endpoint Access

In the event that a user loses an endpoint that provides GlobalProtect access to your network, that endpoint is stolen, or a user leaves your organization, you can block the endpoint from gaining access to the network by placing the endpoint in a block list.
A block list is local to a logical network location (vsys, 1 for example) and can contain a maximum of 1,000 endpoints per location. Therefore, you can create separate block lists for each location hosting a GlobalProtect deployment.
  1. Identify the host ID for the endpoints you want to block.
    The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by endpoint type:
    • Windows—Machine GUID stored in the Windows registry (HKEY_Local_Machine\Software\Microsoft\Cryptography\MachineGuid)
    • macOS—MAC address of the first built-in physical network interface
    • Android—Android ID
    • iOS—UDID
    • Chrome—GlobalProtect assigned unique alphanumeric string with length of 32 characters
    If you do not know the host ID, you can correlate the user-ID to the host ID in the HIP Match logs:
    1. Select
      Monitor
      Logs
      HIP Match
      .
    2. Filter the HIP match logs for the source user associated with the endpoint.
    3. Open the HIP match log and identify the host ID under
      OS
      Host ID
      and optionally the hostname under
      Host Information
      Machine Name
      .
  2. Create a device block list.
    You cannot use Panorama templates to push a device block list to firewalls.
    1. Select
      Network
      GlobalProtect
      Device Block List
      and
      Add
      a device block list.
    2. Enter a descriptive
      Name
      for the list.
    3. For a firewall with more than one virtual system (vsys), select the
      Location
      (vsys or
      Shared
      ) where the profile is available.
  3. Add a device to a block list.
    1. Add
      endpoints. Enter the host ID (
      required
      ) and hostname (
      optional
      ) for the endpoint that you need to block.
    2. Add
      additional endpoints, if needed.
    3. Click
      OK
      to save and activate the block list.
      The device block list does not require a commit and is immediately active.

Recommended For You