Use GlobalProtect and Security Policies to Block Access to Quarantined Devices
You can prevent users from logging into GlobalProtect from
a quarantined device by configuring gateway authentication. In addition,
you can block a quarantined device from sending or receiving traffic
in the network by specifying options in a security policy rule.
Use the following tasks to block GlobalProtect users or manage network
access for a quarantined device.
- To block users from logging in to GlobalProtect from a quarantined device, configure GlobalProtect gateway authentication and select Network > GlobalProtect > Gateways > <gateway-configuration> > Authentication > Block login for quarantined devices. If a user attempts to log in from a quarantined device to a gateway that has Block login for quarantined devices enabled, the GlobalProtect app notifies the user that the device is quarantined and the user cannot log in from that device. If this setting is not enabled, the user receives the notification but is able to log in from that device.
- To block access from a quarantined device using a security policy rule, specify Quarantine for either source or destination traffic; then, specify an action that blocks the quarantined device. Specifying Quarantine in a security policy rule means that the rule uses devices in the quarantine list as the match criteria, whether you specify Quarantine as the Source Device for Source traffic or the Destination Device for Destination traffic. The following example shows a source Device of Quarantine, a destination IP address of the HQ server, and an action of Deny. With this security policy rule, any devices in the quarantine list will not be able to access the HQ server.
  For a quarantined device to be valid in a policy on a firewall, a GlobalProtect user must successfully log in to GlobalProtect from the quarantined device, and the firewall must be aware of that login event. If the firewall is configured as a GlobalProtect gateway, the user can log in to that gateway from the quarantined device to validate the device in the policy. After a user successfully logs in to a gateway from a quarantined device, the gateway enforces the policy, and you can redistribute the quarantined device information and have it enforced in a policy on any firewall or gateway in your network. If the user is blocked from logging in to the gateway (for example, if you have selected Block login for quarantined devices in the gateway configuration), that login is not counted as a successful login.
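The following Python model is an added illustration, not part of the documentation or of PAN-OS, of the enforcement logic described above: a quarantined device matches a Quarantine device rule only after the firewall has registered a successful GlobalProtect login from it, a blocked login does not count, and validated entries can be redistributed to another firewall. The class, method and host names and the HQ server address are constructed assumptions.

```python
from dataclasses import dataclass, field

HQ_SERVER = "10.0.0.10"  # constructed sample address for the HQ server


@dataclass
class Gateway:
    """Firewall acting as a GlobalProtect gateway (constructed model)."""
    quarantine_list: set                 # host IDs on the quarantine list
    block_login: bool                    # "Block login for quarantined devices"
    known_quarantined: set = field(default_factory=set)  # validated by a login

    def login(self, host_id: str) -> bool:
        """Process a GlobalProtect login; return True when the login succeeds."""
        if host_id in self.quarantine_list and self.block_login:
            # The app notifies the user and the login is refused; because it
            # did not succeed, it is not counted and the device stays
            # unvalidated in policy on this firewall.
            return False
        if host_id in self.quarantine_list:
            # The user is notified but logs in; the firewall now knows about
            # the login event, so the device is valid in policy here.
            self.known_quarantined.add(host_id)
        return True

    def redistribute_to(self, other: "Gateway") -> None:
        """Share validated quarantined-device information with another firewall."""
        other.known_quarantined |= self.known_quarantined

    def allows(self, host_id: str, dst_ip: str) -> bool:
        """Evaluate the single example rule:
        Source Device = Quarantine, destination = HQ server, action = Deny."""
        if dst_ip == HQ_SERVER and host_id in self.known_quarantined:
            return False
        return True  # constructed default: all other traffic is permitted


if __name__ == "__main__":
    gw = Gateway(quarantine_list={"host-q"}, block_login=False)
    gw.login("host-q")
    print(gw.allows("host-q", HQ_SERVER))  # denied once the login is known
```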