After you identify a device
as compromised (for example, if a device has been infected with
malware and is performing command and control actions), you can manually
add the device’s Host ID to a quarantine list and configure GlobalProtect to
prevent users from connecting to the GlobalProtect gateway from
a quarantined device. You can also automatically quarantine the
device using security policies, log forwarding profiles, and log
settings.
To view, add, and set actions for quarantined devices,
complete the following steps.