Quarantining an endpoint
You can quarantine an endpoint using EMS. Quarantined endpoints cannot access the network.
You must enable Application Firewall for this feature to function. See Feature Select.
To quarantine an endpoint:
- Go to Endpoints.
- Click All Endpoints, a domain, or workgroup. A list of endpoints displays.
- Click an endpoint, and from the Action menu, select Quarantine.
The endpoint status changes to Quarantined, and EMS quarantines the endpoint with the next FortiClient Telemetry communication.
You can remove an endpoint from quarantine by right-clicking the endpoint and selecting Unquarantine. EMS removes the endpoint from quarantine with the next FortiClient Telemetry communication and restores network access.
You can also provide the endpoint user with a one-time access code. The user can enter the code to access FortiClient on a quarantined endpoint, then remove the endpoint from quarantine in FortiClient. The code is available under Quarantine Access Code after selecting a quarantined endpoint.