Identification and Quarantine of Compromised Devices
End-of-Life (EoL)

Add compromised devices to a quarantine list and optionally block users from logging in to them.
GlobalProtect now makes it easier for you to block compromised devices from your network. GlobalProtect identifies a compromised device with its Host ID and, optionally, serial number instead of its source IP address. See Quarantine Devices Using Host Information in the GlobalProtect Administrator’s Guide for more information.
After you identify a device as compromised (for example, if a device has been infected with malware and is performing command and control actions), you can manually add the device’s Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device. You can also automatically quarantine the device using security policies, log forwarding profiles, and log settings.
To view, add, and set actions for quarantined devices, complete the following steps.