Network Quarantine overview

With Network Quarantine, you can use your existing network access control (NAC) solution to control the communication of both managed and unmanaged endpoints.

NAC devices

With the Network Quarantine service, Tanium products can communicate with a NAC to isolate endpoints. The following NAC devices are supported:

Palo Alto Networks Layer 3 Firewall

Supports blocking of IP addresses with Dynamic Address Groups (DAG). Palo Alto Networks Panorama is not supported.

Cisco Identity Services Engine (ISE)

Supports blocking by MAC address.

For more information, see Configuring NACs.

Automated rules

If you are using ISE, you can create automated rules to find endpoints that need to be quarantined. Automated rules use saved questions to identify endpoints that are causing violations. You can then quarantine these endpoints. For more information, see Quarantine with automated rules.

Product integration

Tanium™ Discover

When the Network Quarantine service is configured with Tanium Discover, you can quarantine a MAC or IP address directly from the Interfaces pages. For more information, see the Tanium Discover User Guide.

Tanium™ Connect

Network Quarantine generates events when the NAC starts or stops, or when an endpoint is quarantined. You can send notifications about these events to destinations such as email, security information and event management (SIEM) software, or a file by creating a connection in Connect. For more information, see Configuring notifications.

This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties (“Third Party Items”). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium.

Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium, are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party intellectual property rights.

Tanium is committed to the highest accessibility standards to make interaction with Tanium software more intuitive and to accelerate the time to success. For more information, see Tanium Product Accessibility.