If a user loses a device that provides GlobalProtect access to your network, the device is stolen, or the user leaves your organization, you can block that device from gaining access to the network by placing it in a device block list. A device block list is local to a logical network location (vsys1, for example) and applies only within that location; it can contain a maximum of 1,000 devices per location. You can therefore create a separate device block list for each location that hosts a GlobalProtect deployment.
Identify the host ID for each endpoint you want to block.
The host ID is a unique ID that GlobalProtect assigns to identify the host. The host ID value varies by device type:
Windows—GUID stored in the Windows registry (HKEY_Local_Machine\Software\Microsoft\Cryptography\MachineGuid)
macOS—MAC address of the first built-in physical network interface
Chrome—GlobalProtect-assigned unique alphanumeric string, 32 characters long
If you do not know the host ID, you can correlate the user ID to the host ID in the HIP Match logs:
Filter the HIP Match logs for the source user associated with the device.
Open the matching HIP Match log entry and note the host ID and, optionally, the hostname.
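The host ID formats above, as an added example that is not part of the PAN-OS documentation: a small Python helper that reads the host ID on a Windows endpoint (MachineGuid via reg query) or a macOS endpoint (ether address of en0 via ifconfig), validates the value against the per-platform format listed above, and deduplicates a set of devices against the 1,000-per-location limit before you type them into the firewall. The parsing functions are exercised against constructed sample command output embedded in the block; the en0 interface name, the reg query invocation, the Chrome OS pattern and case-insensitive matching of host IDs are assumptions, not documented firewall behaviour.

```python
"""Collect and validate GlobalProtect host IDs per platform.

Added example, not PAN-OS or GlobalProtect code. Assumptions: Windows host ID
is the MachineGuid registry value, macOS host ID is the MAC address of the
first built-in interface (assumed to be en0), Chrome OS host ID is a
32-character alphanumeric string.
"""
import platform
import re
import subprocess

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)
CHROME_RE = re.compile(r"^[0-9A-Za-z]{32}$")

# Registry key holding MachineGuid (value name passed separately to reg query).
MACHINE_GUID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography"

# Constructed sample output of `reg query <key> /v MachineGuid` on Windows.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
    MachineGuid    REG_SZ    3f2a9c1e-7b4d-4e8a-9c0b-1d2e3f4a5b6c
"""

# Constructed sample output of `ifconfig en0` on macOS.
SAMPLE_IFCONFIG = """en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tether a4:83:e7:12:34:56
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
"""


def validate_host_id(os_name, host_id):
    """Return True if host_id has the shape expected for the given platform."""
    rules = {"windows": GUID_RE, "macos": MAC_RE, "chrome": CHROME_RE}
    pattern = rules.get(os_name.lower())
    if pattern is None:
        raise ValueError(f"unsupported platform: {os_name}")
    return bool(pattern.match(host_id))


def parse_reg_query(output):
    """Extract the MachineGuid value from reg query output (value name, type, data)."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "MachineGuid":
            return parts[-1]
    raise LookupError("MachineGuid not found in reg query output")


def parse_ifconfig_ether(output):
    """Extract the first 'ether' (MAC) address from ifconfig output."""
    match = re.search(r"^\s*ether\s+([0-9a-f:]{17})", output, re.I | re.M)
    if not match:
        raise LookupError("no ether address in ifconfig output")
    return match.group(1)


def windows_host_id():
    """Read the host ID on a Windows endpoint via reg query."""
    out = subprocess.run(["reg", "query", MACHINE_GUID_KEY, "/v", "MachineGuid"],
                         capture_output=True, text=True, check=True).stdout
    return parse_reg_query(out)


def macos_host_id(interface="en0"):
    """Read the host ID on a macOS endpoint; en0 as first built-in interface is an assumption."""
    out = subprocess.run(["ifconfig", interface], capture_output=True, text=True, check=True).stdout
    return parse_ifconfig_ether(out)


def collect_host_id():
    """Return (platform, host_id) for the machine this runs on, validated."""
    system = platform.system()
    if system == "Windows":
        os_name, host_id = "windows", windows_host_id()
    elif system == "Darwin":
        os_name, host_id = "macos", macos_host_id()
    else:
        raise RuntimeError(f"no host ID rule in this example for {system}")
    if not validate_host_id(os_name, host_id):
        raise ValueError(f"unexpected host ID format on {os_name}: {host_id}")
    return os_name, host_id


def build_block_list(entries, limit=1000):
    """Validate and deduplicate (platform, host_id, hostname) tuples for one location's list.

    Duplicates are detected case-insensitively (assumption); the first spelling is kept.
    """
    seen = {}
    for os_name, host_id, hostname in entries:
        if not validate_host_id(os_name, host_id):
            raise ValueError(f"malformed host ID for {os_name}: {host_id}")
        key = host_id.lower()
        if key not in seen:
            seen[key] = (host_id, hostname)
    if len(seen) > limit:
        raise ValueError(f"{len(seen)} devices exceed the {limit}-device limit for one location")
    return list(seen.values())


if __name__ == "__main__":
    print(collect_host_id())
```

Run the script on the endpoint you intend to block (or feed captured command output to the parsing functions) and paste the resulting host ID into the firewall; the page's own procedure of reading the host ID from HIP Match logs remains the way to identify a device you no longer control.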
Create a device block list.
You cannot use Panorama templates to push a device
block list to firewalls.
Open the Device Block List settings and add a device block list.
Enter a descriptive name for the block list.
For a firewall with more than one virtual system (vsys), select the location (vsys) in which the block list is available.
Add devices to the block list.
Enter the host ID (required) and, optionally, the hostname of each device you need to block.
Add additional devices if necessary, then save to activate the block list.
The device list does not require a commit and is