: Release a Device from Quarantine Using Cisco ISE
Focus
Focus

Release a Device from Quarantine Using Cisco ISE

Table of Contents

Release a Device from Quarantine Using Cisco ISE

Remove devices from quarantine through the
IoT Security
integration with Cisco ISE.
Removing a device from quarantine is the same procedure as putting it in quarantine except that you select
More
Send to
Release via Cisco ISE
on the
Alerts
Security Alerts
page. This option is also available in the Action menu in the Risks and Alerts sections on the Device Details page.
IoT Security sends ISE the
PanwIoTAlertSeverity
and
PanwIoTAlertType
attributes with
None
as the text string and the MAC address of the impacted device, which means the exception rule assigning it to a quarantine VLAN no longer applies to it. The instance or instances that have an endpoint with a matching MAC address release it from quarantine. The next time the device disconnects from the network and then reconnects, it requests network access from Cisco ISE. When ISE doesn’t find any matching exception rules in its policy and accepts the device back onto the network, it puts the device back in its normally assigned VLAN.

Recommended For You