Focus

Configure Quarantine List Redistribution in Prisma Access

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Use Cases for Quarantine List Redistribution

Sinkhole IPv6 Traffic In Mobile Users—GlobalProtect Deployments

Configure Quarantine List Redistribution in Prisma Access

Configure the quarantine list feature for Panorama Managed Prisma Access mobile user (GlobalProtect) deployments.

To redistribute quarantine information to and from service connections, the Panorama that manages Prisma Access, and next-generation firewalls, complete the following steps.

Make sure that the Panorama management IP address is able to communicate with the User-ID agent address for all service connections to which you want to redistribute quarantine list information.

Communication between the User-ID Agent address of the service connection and the management IP address of Panorama is required for Prisma Access to send and receive quarantine list information between Panorama and the service connections.

To find the

User-ID Agent Address

, select

Panorama

Cloud Services

Status

Network Details

Service Connection

User-ID Agent Address

To find the management IP address of the Panorama that manages Prisma Access, note the IP address that displays in the web browser when you access Panorama.

Allow Prisma Access to redistribute quarantine list information.

In Panorama, select

Panorama

Cloud Services

Configuration

Service Setup

Click the gear icon to edit the settings.

In the

Advanced

tab, select

Enable Quarantine List Redistribution

Enabling quarantine list redistribution allows Prisma Access to redistribute the quarantine list information received from one or more mobile user locations (gateways) to service connections.

Commit

and

Push

your changes.

Configure Panorama to receive quarantine list information from Prisma Access by configuring management interface settings.

In the Panorama that manages Prisma Access, select

Panorama

Setup

Interfaces

Select the

Management

interface.

Select

User-ID

Configure a data redistribution agent that redistributes quarantine list information from the service connections to Panorama.

From the Panorama that manages Prisma Access, select

Panorama

Cloud Services

Status

Network Details

Service Connection

Make a note of the

User-ID Agent Address

(

Panorama

Cloud Services

Status

Network Details

Service Connection

User-ID Agent Address

) for each service connection.

Select

Panorama

Data Redistribution

Agents

Add

a Data Redistribution agent, give it a

Name

and select

Enabled

Enter the

User-ID Agent Address

of the service connection as the

Host

and 5007 as the

Port

Make sure that your network does not block access to this port between Panorama and Prisma Access.

(Optional) If you have configured this service connection as a Collector (

Device

Data Redistribution

Collector Settings

), enter the

Collector Name

and

Collector Pre-Shared Key

Select

Quarantine List

; then, click

Repeat Step 5 for all the service connections in your Prisma Access deployment.

Select

Commit

Commit to Panorama

to save your changes locally on the Panorama that manages Prisma Access.

Configure a data redistribution agent that redistributes quarantine list information from Panorama to the service connections.

Find the management IP address of the Panorama that manages Prisma Access.

This address displays by in the web browser address bar when you access Panorama.

Make sure that you are in the

Service_Conn_Template

template, then select

Device

Data Redistribution

Agents

Add

a Data Redistribution agent, give it a

Name

and select

Enabled

Enter the management IP address of the Panorama appliance. as the

Host

and 5007 as the

Port

Select

Quarantine List

; then, click

Configure a data redistribution agent that redistributes quarantine list information from the service connections to mobile user gateways.

From the Panorama that manages Prisma Access, select

Panorama

Cloud Services

Status

Network Details

Service Connection

Make a note of the

User-ID Agent Address

of the service connection from which you want to redistribute quarantine list information.

Since all service connections have the same redistributed quarantine list information, choose any service connection. You can also configure more than one service connection.

Make sure that you are in the

Mobile_User_Template

, then select

Device

Data Redistribution

Agents

Add

a Data Redistribution agent, give it a

Name

, and select

Enabled

Enter the

User-ID Agent Address

of the service connection as the Host and

5007

as the Port.

Make sure that your network does not block access to this port between Panorama and Prisma Access.

(Optional) If you have configured this service connection as a Collector (

Device

Data Redistribution

Collector Settings

), enter the

Collector Name

and

Collector Pre-Shared Key

Select

Quarantine List

; then, click

Commit and Push

your changes.

View your quarantine list information by selecting

Panorama

Device Quarantine

See View Quarantined Device Information in the GlobalProtect Administrator’s Guide for details.

Use Cases for Quarantine List Redistribution

Sinkhole IPv6 Traffic In Mobile Users—GlobalProtect Deployments

Prisma Access Docs

Configure Quarantine List Redistribution in Prisma Access

Prisma Access Docs

Configure Quarantine List Redistribution in Prisma Access

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner