You can quarantine an endpoint using EMS. Quarantined endpoints cannot access the network.
- Go to Endpoints.
- Click All Endpoints, a domain, or workgroup. A list of endpoints displays.
- Click an endpoint, and from the Action menu, select Quarantine.
The endpoint status changes to Quarantined, and the endpoint is quarantined with the next FortiClient Telemetry communication.
You can remove an endpoint from quarantine by right-clicking the endpoint and selecting Unquarantine. The endpoint is removed from quarantine with the next FortiClient Telemetry communication and network access is restored.
Note you can also provide the endpoint user with a one-time access code. The user can enter the code to access FortiClient on a quarantined endpoint, then remove the endpoint from quarantine in the FortiClient console. The code is available under Quarantine Access Code after selecting a quarantined endpoint as seen below.