Release a Device from Quarantine Using Cisco ISE

Remove devices from quarantine through the IoT Security integration with Cisco ISE.
Removing a device from quarantine is the same procedure as putting it in quarantine except that you select
More
Send to
Release via Cisco ISE
on the Alerts > Security Alerts page. This option is also available in the Action menu in the Risks and Alerts sections on the Device Details page.
IoT Security sends ISE the PanwIoTAlertSeverity and PanwIoTAlertType attributes with None as the text string and the MAC address of the impacted device, which means the exception rule assigning it to a quarantine VLAN no longer applies to it. The instance or instances that have an endpoint with a matching MAC address release it from quarantine. The next time the device disconnects from the network and then reconnects, it requests network access from Cisco ISE. When ISE doesn’t find any matching exception rules in its policy and accepts the device back onto the network, it puts the device back in its normally assigned VLAN.

Recommended For You