Manually Add and Delete Devices From the Quarantine List

To manually add a device to the quarantine list from the
Device Quarantine
page, select
Device
Device Quarantine
or
Panorama
Device Quarantine
and
Add
the device.
Add the
Host ID
and, optionally, the
Serial Number
of the device. GlobalProtect uses the Host ID to identify the device.

To add a device to the quarantine list from the GlobalProtect, Threat, Traffic, or Unified logs, complete the following steps.
(

Threat, Traffic, and Unified Logs Only

) To add Host ID information to the Traffic, Threat, and Unified logs, select

Policies

Security

and

Add

a security policy rule; then, select

Quarantine

as the

Source Device

for

Source

traffic.

A Host ID is required to add a device to the quarantine list. When a user connects to the network with the GlobalProtect app, GlobalProtect automatically adds Host ID information for the connected endpoint to the GlobalProtect log. For GlobalProtect to automatically add Host ID information to the Traffic, Threat, or Unified logs, you must add a policy rule that has

Quarantine

selected for source traffic.



To make sure that you are adding the Host ID for all devices you want to quarantine (either manually or automatically), create a security policy that allows all traffic and specify

Quarantine

as the

Source Device

. It does not matter what order you place this policy in the list of policies for it to work.



Right-click the

Host ID

associated with the device and click

Block Device

.



If the

Host ID

column does not display, select the header of any column and then select the

Host ID

field to display the Host ID.


To create an API to manually add the devices, see the instructions in the PAN-OS and Panorama API Usage Guide.
After your administrator has performed remediation on the device, you can delete it from the list by selecting
Device
Device Quarantine
for next-generation firewalls or
Panorama
Device Quarantine
for Panorama appliances, selecting one or more devices, then selecting
Delete
.