Creating a Quarantine Zone
For devices that cannot be classified—that is, they do not match any of the Deny or Standard zone profiles—you
can create a Quarantine zone. You can offer a user whose device is classified into this zone Web links and an
explanation, for example, of how to bring his or her device into compliance with your security policies, or how
to configure a system for EPC interrogation.
Only one Quarantine zone per community can be defined (you can create multiple Deny and Standard zones).
When you configure a community, you choose the fallback zone for devices that cannot be classified: they can
either be placed in the Default zone or a Quarantine zone. For more information, see Using End Point Control Restrictions in a Community
To define a Quarantine zone
In the AMC, navigate to User Access > End Point Control.
The End Point Control page displays.
In the Zones and Profiles section, click Edit next to Zones.
The Zones and Profiles page displays.
Click the + (New) icon.
Select Quarantine zone from the drop-down list.
The Add Quarantine Zone page displays.
In the Name field, type a meaningful name for the zone.
(Optional) In the Description field, type a descriptive comment about the zone.
In the Customization area, type the message you want quarantined users to see. You might offer an explanation for why a device was placed in quarantine and what is required to make it comply with your security policies.
Remediation steps for devices that are placed in a Quarantine zone should probably include information
on how to configure a system for EPC interrogation.
Add any Web links that can help users bring their devices into compliance. This can be a mixture of public
and private URLs:
- A public address might reference an Internet URL from which the user can download a software
component, such as a Java Virtual Machine. Public resources are normally redirected through the
appliance; prevent this redirection by adding the resource in the exclusion list. See Using the Exclusions for instructions.
- A private address might reference an intranet URL containing the latest virus definitions. In this
case, rules are automatically created to give users access to the URL you specify and to prevent
them from accessing any other resources.
Click Save or Save and Add Another.
Was This Article Helpful?
Help us to improve our support portal