Device > Device Quarantine

The system administrator added the device to this list manually.
To manually
Add
a device, enter the
Host ID
and, optionally, the
Serial Number
of the device you need to quarantine.
The system administrator selected the Host ID column from the Traffic, GlobalProtect, Threat log, or Unified logs, selected a device from that column, and then selected
Block Device
.
The device was added to the quarantine list automatically:
Using a log forwarding profile with a security policy rule whose match list had a built-in action set to
Quarantine
.
The Host ID displays in the GlobalProtect logs automatically. For the Host ID to display in the Traffic, Threat, or Unified logs, the firewall must have at least one security policy rule with the
Source Device
set to
Quarantine
. Without this setting in the security policy, Traffic, Threat or Unified logs will not have the Host ID, and the log forwarding profile will not take effect.
Using HIP match log settings with built-in action set to
Quarantine
.
The firewall requires a GlobalProtect subscription license to manually or automatically add GlobalProtect devices to the quarantine list and block login for quarantined devices.
The device was added to the quarantine list using an API.
The firewall received the quarantine list as a part of redistributed entry (the quarantine list was redistributed from another Panorama appliance or firewall).