When the FortiGate detects devices that have lower trust scores, lack mandatory installed software, or are sending out malicious traffic, an administrator can quarantine the device from the normal switch VLAN to the quarantine VLAN. This can limit the device's access, or provide them specific information on the quarantine portal page.
To quarantine an active device:
Using the CLI, based on the device's MAC address:
config user quarantine config targets edit "manual-qtn-1" set description "Manually quarantined" config macs edit 00:0c:29:d4:4f:3c set description "manual-qtn " next end next end end
Using the GUI:
- On the FortiGate, go to Security Fabric > Physical Topology, or Security Fabric > Logical Topology.
- Mouse over the bubble of an active device, and select Quarantine Host from the right-click menu.
- Click OK in the Quarantine Host page to quarantine the device.
The quarantined device is moved to the quarantine VLAN, and the configuration of the FortiSwitch port does not change.
The quarantined device gets its IP address from the DHCP server on the quarantine VLAN interface. The network locations that the device can access depends on the firewall policies that are configured for the quarantine VLAN interface. By default, the device must acknowledge and accept the information on the Quarantine Portal before it can access any part of the network.
Release or clear the quarantine targets:
Using the CLI:
config user quarantine config targets delete "manual-qtn-1" ... end end
config user quarantine config targets purge end end
Using the GUI:
- Go to Monitor > Quarantine Monitor.
- Delete the quarantine targets as needed, or click Remove All to delete all the targets.