Prisma Access allows you to identify and quarantine compromised devices that are connected with the GlobalProtect app. You do this by either manually or automatically adding devices to a quarantine list. After you quarantine the device, you can block the quarantined device from accessing the network to ensure consistent policy.

Each Prisma Access mobile user location sends and receives its quarantine information between the Panorama that manages Prisma Access and its nearest service connection. If you have next-generation firewalls or gateways, you should have the service connection redistribute the quarantine list information to and from Panorama and the on-premise firewalls or gateways. You should also redistribute the quarantine list information from Panorama to the service connection to ensure consistent policy enforcement for all mobile user locations (gateways) in Prisma Access.