cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
264
Views
2
Helpful
2
Replies

Secure Endpoint, allow internet access while computer is isolated?

hank hale
Level 1
Level 1

Is it possible to put a machine in isolation, to keep it off our internal network, but still allow the machine to access the internet? I have built an IP Block List with our internal IPs, but we would want our end users to be able to access the internet if moved to this policy. Long story short, it is a policy to put traveling staff into, should their machine become compromised, as a temp fix until we are able to address the issue. 

 

Thanks

1 Accepted Solution

Accepted Solutions

Matthew Franks
Cisco Employee
Cisco Employee

You couldn't achieve this with endpoint isolation since it is meant to stop the endpoint from communicating with anything other than the Secure Endpoint servers. What you can do is move them to a policy with the IP Blacklist in place rather than isolating them if you see an issue where they would normally be isolated. I would caution against this approach since it would allow any malicious code to reach out to additional resources.

Thanks,

Matt

View solution in original post

2 Replies 2

Matthew Franks
Cisco Employee
Cisco Employee

You couldn't achieve this with endpoint isolation since it is meant to stop the endpoint from communicating with anything other than the Secure Endpoint servers. What you can do is move them to a policy with the IP Blacklist in place rather than isolating them if you see an issue where they would normally be isolated. I would caution against this approach since it would allow any malicious code to reach out to additional resources.

Thanks,

Matt

hank hale
Level 1
Level 1

Thanks Matt!