Focus

GlobalProtect

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1
User Guide
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.2
- 5.1
Release Notes
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1

Automatically Quarantine a Device

Redistribute Device Quarantine Information from Panorama

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

Prevent users from logging into GlobalProtect from quarantined devices by configuring gateway authentication. Block network access for quarantined devices using security policy rules.

You can prevent users from logging into GlobalProtect from a quarantined device by configuring gateway authentication. In addition, you can block a quarantined device from sending or receiving traffic in the network by specifying options in a security policy rule. Use the following tasks to block GlobalProtect users or manage network access for a quarantined device.

To block users from logging in to GlobalProtect from a quarantined device, configure GlobalProtect gateway authentication (

Network

GlobalProtect

Gateways

gateway-configuration

Authentication

) and select

Block login for quarantined devices

If a user attempts to log in from a quarantined device to a gateway that has

Block login for quarantined devices

enabled, the GlobalProtect app notifies the user that the device is quarantined and the user cannot log in from that device. If this setting is not enabled, the user receives the notification but is able to log in from that device.

To block access from a quarantined device using a security policy rule, specify

Quarantine

for either source or destination traffic; then, specify an action that blocks the quarantined device.

Specifying

Quarantine

in a security policy rule means that the rule uses devices in the quarantine list as the match criteria, whether you specify

Quarantine

as the

Source Device

for

Source

traffic or the

Destination Device

for

Destination

traffic. The following example shows a source

Device

Quarantine

a destination IP address of the HQ server, and an action of

Deny

. With this security policy rule, any devices in the quarantine list will not be able to access the HQ server.

For a quarantined device to be valid in a policy on a firewall, a GlobalProtect user must successfully log in to GlobalProtect from the quarantined device, and the firewall must be aware of that login event. If the firewall is configured as a GlobalProtect gateway, the user can log in to that gateway from the quarantined device to validate the device in the policy. After a user successfully logs in to a gateway from a quarantined device, the gateway enforces the policy, and you can redistribute the quarantined device information and have it enforced in a policy on any firewall or gateway in your network. If the user is blocked from logging in to the gateway (for example, if you have selected

Block login for quarantined devices

in the gateway configuration), that login is not counted as a successful login.

Automatically Quarantine a Device

Redistribute Device Quarantine Information from Panorama

GlobalProtect Docs

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

GlobalProtect Docs

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

Recommended For You

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner