Network Quarantine requirements

Review the requirements before you install and use Network Quarantine.

Tanium dependencies

Component Requirement
Platform Version 7.0 or later
License Network Quarantine is included with Tanium Connect. For information about licensing, contact your Technical Account Manager (TAM).
Tanium Connect

(Optional) Version 4.7.4 or later

Tanium Discover (Optional) Version 2.7.0 or later

Tanium Module Server

Network Quarantine is installed and runs as a service on the Module Server host computer. The impact on Module Server is minimal and depends on usage.

Third-party software

  • Cisco Identity Services Engine (ISE) 2.2 or later with pxGrid installed
  • Palo Alto Networks OS 7.1 or later

Host and network security requirements

Specific ports and processes are needed to run Network Quarantine.


The following ports are required for Network Quarantine communication.

Component Port Direction Purpose
Module Server 17467 Loopback Internal purposes; not externally accessible.
5222 Outbound Access to Cisco ISE, unless specified otherwise.
443 Outbound Access to Palo Alto Networks firewall, unless specified otherwise.

User role requirements

Tanium 7.0

Administrator role is required for all Network Quarantine tasks.

Tanium 7.1

Table 1:   Tanium 7.1 Network Quarantine User Role Privileges
Privilege Network Quarantine Administrator Network Quarantine User Network Quarantine Read Only User

Show Networkquarantine

View Network Quarantine shared service

Networkquarantine Certificates Read

View configured certificates

Networkquarantine Certificates Write

Add or update configured certificates

Networkquarantine Nacs Read

View configured NACs

Networkquarantine Nacs Write

Add or update configured NACs

Networkquarantine Quarantines Read

View quarantined endpoints

Networkquarantine Quarantines Write

Quarantine or unquarantine endpoints

Networkquarantine Settings Read

View service settings

Networkquarantine Settings Write

Configure service settings

Networkquarantine Nacauditlog Read

View audit log

Last updated: 8/14/2018 12:43 PM | Feedback