Device isolation
An isolated device is one that is blocked from communicating with the outside world (for both sending and receiving). A device can be isolated manually, as described below. For more details, see Investigation.
Isolation mode takes effect upon any attempt to establish a network session after isolation mode has been initiated. Connections that were established before device isolation was initiated remain intact. The same applies to Communication Control denial configuration changes. Note that neither Isolation mode nor Communication Control denial applies to incoming RDP connections and ICMP connections.
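The session rules above matter during incident response, because a session opened before isolation is not cut off. The following is an added example, not FortiEDR code or output: it applies those rules to a constructed connection list to show which sessions still need manual handling. The record fields, the use of TCP port 3389 to identify RDP, and treating ICMP as exempt in both directions are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime

RDP_PORT = 3389  # assumption: RDP listens on its default TCP port

@dataclass
class Conn:
    proto: str        # "tcp", "udp" or "icmp"
    direction: str    # "in" or "out", relative to the isolated device
    local_port: int   # 0 for ICMP
    remote: str
    established: datetime  # time the session was (or tried to be) opened

def survives_isolation(conn, isolated_at):
    """Return why a session is not blocked by isolation, or None if it is blocked."""
    if conn.established < isolated_at:
        return "established before isolation"
    # Assumption: ICMP is treated as exempt in either direction (conservative).
    if conn.proto == "icmp":
        return "ICMP is exempt"
    if conn.proto == "tcp" and conn.direction == "in" and conn.local_port == RDP_PORT:
        return "incoming RDP is exempt"
    return None

def triage(conns, isolated_at):
    """List (connection, reason) pairs that isolation leaves reachable."""
    return [(c, r) for c in conns if (r := survives_isolation(c, isolated_at))]

# Constructed sample data using documentation address ranges.
ISOLATED_AT = datetime(2024, 1, 10, 12, 0, 0)
SAMPLE = [
    Conn("tcp", "out", 49712, "203.0.113.7:443", datetime(2024, 1, 10, 11, 42)),
    Conn("tcp", "out", 49801, "203.0.113.7:443", datetime(2024, 1, 10, 12, 5)),
    Conn("tcp", "in", 3389, "198.51.100.20:51515", datetime(2024, 1, 10, 12, 7)),
    Conn("icmp", "in", 0, "198.51.100.20", datetime(2024, 1, 10, 12, 8)),
    Conn("udp", "out", 53011, "192.0.2.53:53", datetime(2024, 1, 10, 12, 9)),
]

if __name__ == "__main__":
    for conn, reason in triage(SAMPLE, ISOLATED_AT):
        print(f"{conn.proto:4} {conn.direction:3} {conn.remote:22} {reason}")
```

Sessions reported as "established before isolation" have to be terminated by other means, such as killing the owning process or restarting the device.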
To isolate a device:
- In the COLLECTORS page, select the checkbox(es) of the FortiEDR Collector(s) that you want to isolate.
- Click the down arrow on the Isolate button and select Isolate.
The following window displays:
- Click the Isolate button. A red icon appears next to the relevant Collector to indicate that the Collector has been isolated, as shown below:
To remove isolation from a device:
- In the COLLECTORS page, select the checkbox(es) of the FortiEDR Collector(s) whose isolation you want to remove.
- Click the down arrow on the Isolate button and select Remove isolation, as shown below.
The following window displays:
- Click Remove.