In the event that a user loses a device that
provides GlobalProtect access to your network, that device is stolen,
or a user leaves your organization, you can block the device from
gaining access to the network by placing the device in a block list.
A
block list is local to a logical network location (vsys, 1 for example)
and can contain a maximum of 1,000 devices per location. Therefore, you
can create separate device block lists for each location hosting
a GlobalProtect deployments.