Each Prisma Access mobile user location sends and receives its quarantine information
between the Panorama that manages Prisma Access and its nearest service connection. If
you have next-generation firewalls or gateways, you should have the service connection
redistribute the quarantine list information to and from Panorama and the on-premises
firewalls or gateways. You should also redistribute the quarantine list information from
Panorama to the service connection to ensure consistent policy enforcement for all
mobile user locations (gateways) in Prisma Access.
A device appears in the quarantine list as a result of the following actions:
The system administrator added the device to this list manually.
The device was added to the quarantine list automatically.
Using a log forwarding profile with a security policy rule whose match
list had a built-in action set to Quarantine.
Using HIP match log settings with built-in action set to Quarantine.
The device was added to the quarantine list using an API.
The quarantine list was received as a part of redistributed entry (the quarantine
list was redistributed from another Panorama appliance).