Manually Add and Delete Devices From the Quarantine List
You can add a device manually from either
the quarantine pages, from the GlobalProtect, Threat, Traffic, or Unified logs, or by using
an API. You can also manually delete the device from the quarantine
pages, as shown in the following steps.
To manually add a device to the quarantine
list from the
Device Quarantine
page, select
Device
Device Quarantine
or
Panorama
Device Quarantine
and
Add
the
device.
Add the
Host ID
and, optionally,
the
Serial Number
of the device. GlobalProtect
uses the Host ID to identify the device.
) To add Host ID information
to the Traffic, Threat, and Unified logs, select
Policies
Security
and
Add
a
security policy rule; then, select
Quarantine
as
the
Source Device
for
Source
traffic.
A
Host ID is required to add a device to the quarantine list. When
a user connects to the network with the GlobalProtect app, GlobalProtect
automatically adds Host ID information for the connected endpoint
to the GlobalProtect log. For GlobalProtect to automatically add
Host ID information to the Traffic, Threat, or Unified logs, you
must add a policy rule that has
Quarantine
selected
for source traffic.
To make sure that you are adding the Host ID
for all devices you want to quarantine (either manually or automatically),
create a security policy that allows all traffic and specify
Quarantine
as
the
Source Device
. It does not matter what
order you place this policy in the list of policies for it to work.
Right-click the
Host ID
associated
with the device and click
Block Device
.
If
the
Host ID
column does not display, select
the header of any column and then select the