Endpoint quarantine for Linux

FortiClient and FortiClient EMS 6.4.0 add quarantine support for FortiClient (Linux). If a Linux machine is compromised or infected with malicious software, you can quarantine it through FortiClient. Quarantine isolates the machine by blocking all of its network access so that it does not impact other machines or resources on the network.

To quarantine a Linux endpoint:
  1. In EMS, go to All Endpoints, then select the desired endpoint.
  2. From the Action dropdown list, select Quarantine.

After you quarantine the endpoint, FortiClient displays the Quarantine screen and blocks all of the machine's network access. You can also show a customized message on FortiClient when it is quarantined. See Customizing the endpoint quarantine message.

In EMS, the endpoint Status on the Summary tab changes from Registered to Quarantined.

After you clear the infected machine of the malicious software or vulnerable application, you can remove the endpoint from quarantine to restore its network connectivity. You can select the endpoint and select Unquarantine from the Actions dropdown list in EMS, or you can provide the user with the one-time quarantine access code shown on the Summary tab in EMS.
