Focus

GlobalProtect

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1 (EoL)
User Guide
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.1
Release Notes
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1

Automatically Quarantine a Device

Redistribute Device Quarantine Information from Panorama

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

Prevent users from logging into GlobalProtect from quarantined devices by configuring gateway authentication. Block network access for quarantined devices using security policy rules.

You can prevent users from logging into GlobalProtect from a quarantined device by configuring gateway authentication. In addition, you can block a quarantined device from sending or receiving traffic in the network by specifying options in a security policy rule. Use the following tasks to block GlobalProtect users or manage network access for a quarantined device.

To block users from logging in to GlobalProtect from a quarantined device, configure GlobalProtect gateway authentication (NetworkGlobalProtectGatewaysgateway-configurationAuthentication) and select Block login for quarantined devices.

If a user attempts to log in from a quarantined device to a gateway that has Block login for quarantined devices enabled, the GlobalProtect app notifies the user that the device is quarantined and the user cannot log in from that device. If this setting is not enabled, the user receives the notification but is able to log in from that device.
To block access from a quarantined device using a security policy rule, specify Quarantine for either source or destination traffic; then, specify an action that blocks the quarantined device.
Specifying Quarantine in a security policy rule means that the rule uses devices in the quarantine list as the match criteria, whether you specify Quarantine as the Source Device for Source traffic or the Destination Device for Destination traffic. The following example shows a source Device of Quarantine a destination IP address of the HQ server, and an action of Deny. With this security policy rule, any devices in the quarantine list will not be able to access the HQ server.

For a quarantined device to be valid in a policy on a firewall, a GlobalProtect user must successfully log in to GlobalProtect from the quarantined device, and the firewall must be aware of that login event. If the firewall is configured as a GlobalProtect gateway, the user can log in to that gateway from the quarantined device to validate the device in the policy. After a user successfully logs in to a gateway from a quarantined device, the gateway enforces the policy, and you can redistribute the quarantined device information and have it enforced in a policy on any firewall or gateway in your network. If the user is blocked from logging in to the gateway (for example, if you have selected Block login for quarantined devices in the gateway configuration), that login is not counted as a successful login.

Automatically Quarantine a Device

Redistribute Device Quarantine Information from Panorama

GlobalProtect Docs

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

GlobalProtect Docs

Use GlobalProtect and Security Policies to Block Access to Quarantined Devices

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner