Block Device Access
In the event that a user loses a device that
provides GlobalProtect access to your network, that device is stolen,
or a user leaves your organization, you can block the device from
gaining access to the network by placing the device in a block list.
A
block list is local to a logical network location (vsys, 1 for example)
and can contain a maximum of 1,000 devices per location. Therefore, you
can create separate device block lists for each location hosting
a GlobalProtect deployments.
- Identify the host ID for the endpoints you want to block.The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by device type:
- Windows—Machine GUID stored in the Windows registry (HKEY_Local_Machine\Software\Microsoft\Cryptography\MachineGuid)
- macOS—MAC address of the first built-in physical network interface
- Android—Android ID
- iOS—UDID
- Chrome—GlobalProtect assigned unique alphanumeric string with length of 32 characters
If you do not know the host ID, you can correlate the user-ID to the host ID in the HIP Match logs:- Select .
- Filter the HIP match logs for the source user associated with the device.
- Open the HIP match log and identify the host ID under and optionally the hostname under .
- Create a device block list.You cannot use Panorama templates to push a device block list to firewalls.
- Select andAdda device block list.
- Enter a descriptiveNamefor the list.
- For a firewall with more than one virtual system (vsys), select theLocation(vsys orShared) where the profile is available.
- Add a device to a block list.
- Adddevices. Enter the host ID (required) and hostname (optional) for a device you need to block.
- Addadditional devices, if needed.
- ClickOKto save and activate the block list.The device list does not require a commit and is immediately active.
