Network Security
Policy Object: Quarantine Device Lists (Strata Cloud Manager)
Table of Contents
Expand All
|
Collapse All
Network Security Docs
Policy Object: Quarantine Device Lists (Strata Cloud Manager)
Configure the quarantine list feature for Strata Cloud Manager Managed
Prisma Access
mobile user (GlobalProtect) deployments.Prisma Access
allows you to identify and quarantine compromised
devices with the GlobalProtect app. You can either manually or automatically
(based on auto-tags) add devices to a quarantine list. You can block
quarantined devices from accessing the network or restrict the device
traffic based on a security rule.To get started, set up a
Quarantined Device List. Then use the list as part of identity redistribution.
Set Up a Quarantined Device List
The Quarantined Device List screen is where
you identify devices you want to block from accessing your network.
Follow
these steps to add a device to the Quarantined Device List:
- Select.ManageConfigurationNGFW andPrisma AccessObjectsQuarantined Device ListTheSharedconfiguration scope is already selected for you. Leave this option as is.
- SelectAdd Device.
- Fill in theHost IDandSerial Numberfields.
- SelectSave.
- Repeat steps 1-4 to add additional devices.
Configure Identity Redistribution
The Identity Redistribution screen is where
you configure how identity information is redistributed in the
Prisma Access
Infrastructure. Configure identity redistribution to use
the quarantined device list so that all devices on the network that
enforce policy know to block the compromised devices.Follow
these steps to configure identity redistribution to use the Quarantined Device
List you created:
- Select.ManageConfigurationNGFW andPrisma AccessIdentity ServicesIdentity Redistribution List
- Select the appropriate configuration scope, Shared or Mobile Users.You can ignore Service Connections for now because Service connections learn from mobile users, remote networks, or external redistribution agents, as shown in the diagram. If you’re unsure about which to select, see Global and Local Policy.Sharedis selected by default.
- SelectEditnext toMobile Users.
- Select the checkbox next to theQuarantined Device List.
- SelectSave.Learn more about Identity Redistribution.
Block Login for Quarantined Devices
Block quarantined devices from accessing the
network, or block users from logging into the network from devices
on the Quarantined Device List.
Follow these steps to configure
Authentication Settings to prevent users from logging into GlobalProtect
from a quarantined device:
- Select.WorkflowsPrisma AccessSetupGlobalProtect
- Scroll down toUser Authenticationsand selectAuthentication Settings.TheAuthentication Settingsscreen appears.
- Select the checkbox forBlock Login for Quarantined Devices.
- SelectSave.
Use Quarantine Device List for Security Policy Enforcement
Prevent quarantined devices from sending or
receiving traffic on the network by specifying options in a security rule.
Follow these steps to configure Security Policy
to use your Quarantined Device List to prevent quarantined devices
from sending or receiving traffic on the network:
- Selectfrom the sidebar.ManageConfigurationNGFW andPrisma AccessSecurity ServicesSecurity Policy
- Scroll down toSecurity Rulesand selectAdd Rule.TheAdd Security Policy Rulescreen appears.
- Scroll down toDEVICESunder eitherSourceorDestinationand selectMatch Quarantined Devices.This tells your rule to use devices in the quarantine list as the match criteria, whether you specify Quarantine as the Source Device for Source traffic or the Destination Device for Destination traffic.
- UnderAction and Advanced Inspection, specify an action that blocks the quarantined device, such asDenyas required by your rule.
- SelectSave.