Network Quarantine overview

With Network Quarantine, you can use your existing network access control (NAC) solution to control the communication of both managed and unmanaged endpoints.

NAC devices

With the Network Quarantine service, Tanium products can communicate with a NAC to isolate endpoints. The following NAC devices are supported:

Palo Alto Networks Layer 3 Firewall

Supports blocking of IP addresses with Dynamic Address Groups (DAG). Palo Alto Networks Panorama is not supported.

Cisco Identity Services Engine (ISE)

Supports blocking by MAC address.

For more information, see Configuring NACs.

Automated rules

If you are using ISE, you can create automated rules to find endpoints that need to be quarantined. Automated rules use saved questions to identify endpoints that are causing violations. You can then quarantine these endpoints. For more information, see Quarantine with automated rules.

Product integration

Tanium™ Discover

When the Network Quarantine service is configured with Tanium Discover, you can quarantine a MAC or IP address directly from the Interfaces pages. For more information, see the Tanium Discover User Guide.

Tanium™ Connect

Network Quarantine generates events when the NAC starts or stops, or when an endpoint is quarantined. You can send notifications about these events to destinations such as email, security information and event management (SIEM) software, or a file by creating a connection in Connect. For more information, see Configuring notifications.

Last updated: 11/2/2018 1:37 PM