In the event that a user loses a device that
provides GlobalProtect access to your network, that device is stolen,
or a user leaves your organization, you can block the device from gaining
access to the network by placing the device in a block list.
A
block list is local to a logical network location (vsys, 1 for example)
and can contain a maximum of 1,000 devices per location. Therefore,
you can create separate device block lists for each location hosting
a GlobalProtect deployments.