1. Home
    2. GlobalProtect
    3. GlobalProtect Administrator's Guide
    4. Host Information
    5. Quarantine Devices Using Host Information
    6. Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

    Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

    You can prevent users from logging into GlobalProtect from a quarantined device by configuring gateway authentication. In addition, you can block a quarantined device from sending or receiving traffic in the network by specifying options in a security policy rule. Use the following tasks to block GlobalProtect users or manage network access for a quarantined device.
    • To block users from logging in to GlobalProtect from a quarantined device, configure GlobalProtect gateway authentication (
      Network
      GlobalProtect
      Gateways
      gateway-configuration
      Authentication
      ) and select
      Block login for quarantined devices
      .
      quarantine-block-login-for-quarantined-devices.png
      If a user attempts to log in from a quarantined device to a gateway that has
      Block login for quarantined devices
       enabled, the GlobalProtect app notifies the user that the device is quarantined and the user cannot log in from that device. If this setting is not enabled, the user receives the notification but is able to log in from that device.
    • To block access from a quarantined device using a security policy rule, specify
      Quarantine
       for either source or destination traffic; then, specify an action that blocks the quarantined device.
      Specifying
      Quarantine
       in a security policy rule means that the rule uses devices in the quarantine list as the match criteria, whether you specify
      Quarantine
       as the
      Source Device
       for
      Source
       traffic or the
      Destination Device
       for
      Destination
       traffic. The following example shows a source
      Device
       of
      Quarantine
       a destination IP address of the HQ server, and an action of
      Deny
      . With this security policy rule, any devices in the quarantine list will not be able to access the HQ server.
      quarantine-block-quarantined-devices-from-hq-server.png
      For a quarantined device to be valid in a policy on a firewall, a GlobalProtect user must successfully log in to GlobalProtect from the quarantined device, and the firewall must be aware of that login event. If the firewall is configured as a GlobalProtect gateway, the user can log in to that gateway from the quarantined device to validate the device in the policy. After a user successfully logs in to a gateway from a quarantined device, the gateway enforces the policy, and you can redistribute the quarantined device information and have it enforced in a policy on any firewall or gateway in your network. If the user is blocked from logging in to the gateway (for example, if you have selected
      Block login for quarantined devices
       in the gateway configuration), that login is not counted as a successful login.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo