
Getting Started with Illumio Insights

Quarantine Resources

The Quarantine feature allows you to isolate potentially compromised cloud resources by enforcing a predefined policy that restricts normal communication to and/or from the affected resources. It also supports defining specific exceptions to that policy when needed. (See Enable Controlled Access to quarantined resources.)

Note

Although the Quarantine button appears in the user interface for all users, it works only for users with an Admin or Owner role.

Important

For the Quarantine button to appear in the user interface, you must have a trial or paid Segmentation license.

Note

Quarantine is available only on virtual machines in Azure, AWS, and GCP.

Quarantine considerations

Review this section to learn more about Quarantine's operations and limitations.

  • Supported Cloud Service Providers

    • Azure

    • AWS

    • Google Cloud Platform

  • Quarantine and Insights

    • To block outbound traffic, the Quarantine feature creates an Override Deny rule, which may take precedence over existing Allow rules, depending on the rule priority.

    • An Allow rule and an All-Except IP list entry are added to the default quarantine policy to allow traffic to a quarantined resource from the resource you selected in Administrative Tools.

  • Quarantine and Illumio Segmentation for the Cloud

    You can apply quarantine policies to workloads in the cloud. Because each cloud provider has its own security model, quarantine behavior may vary. Keep these considerations in mind.

    • Permissions: Quarantine requires write access. If an account is onboarded with read-only permissions, Illumio will honor that access level.

    • Azure rule priorities: Illumio’s quarantine rules follow Azure’s priority logic, so higher-priority allow rules continue to take effect.

    • Policy preferences: Illumio enforces quarantine at the NIC NSG/SG (Azure/AWS) and VNET Firewall (GCP) regardless of the policy preference you select in Settings > Cloud > Policy Preferences.

    • Locked controls: If the controls of the resource you attempt to quarantine are locked, Illumio respects the lock and doesn't modify the control. A Quarantine Failed error appears.

    • Rule quotas: Quarantine rule capacity is governed by CSP‑defined rule quotas.
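
The Azure priority behavior noted above, as an added example that is not Illumio's code: Azure evaluates NSG rules per direction in ascending priority number and stops at the first match, so an Allow rule with a lower number than the quarantine Deny rule still passes traffic. The rule names, priority numbers and the simplified rule model below are constructed assumptions, not values Illumio uses.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # lower number = evaluated first (Azure NSG semantics)
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    remote: str      # remote CIDR, or "*" for any address
    ports: tuple     # inclusive (low, high) destination port range

def matches(rule, direction, remote_ip, port):
    """True if the rule applies to this direction, remote address and port."""
    if rule.direction != direction or not rule.ports[0] <= port <= rule.ports[1]:
        return False
    if rule.remote == "*":
        return True
    return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.remote)

def evaluate(rules, direction, remote_ip, port):
    """First matching rule in priority order; None means no user-defined
    rule matched (Azure's built-in default rules are not modeled here)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, direction, remote_ip, port):
            return rule
    return None

def allows_outranking(rules, deny_name):
    """Names of Allow rules, in the deny rule's direction, that are evaluated
    before it and therefore keep taking effect during quarantine."""
    deny = next(r for r in rules if r.name == deny_name)
    return [r.name for r in sorted(rules, key=lambda r: r.priority)
            if r.access == "Allow" and r.direction == deny.direction
            and r.priority < deny.priority]

# Constructed sample NSG for a quarantined VM's NIC (all values hypothetical).
NSG = [
    Rule("allow-backup-out", 150, "Outbound", "Allow", "10.20.0.0/24", (443, 443)),
    Rule("quarantine-deny-out", 200, "Outbound", "Deny", "*", (0, 65535)),
    Rule("allow-web-out", 300, "Outbound", "Allow", "*", (443, 443)),
    Rule("allow-ssh-in", 120, "Inbound", "Allow", "10.0.0.0/8", (22, 22)),
]

if __name__ == "__main__":
    print("Allow rules that outrank the deny:", allows_outranking(NSG, "quarantine-deny-out"))
    print("443 to 10.20.0.5 ->", evaluate(NSG, "Outbound", "10.20.0.5", 443).name)
    print("443 to 8.8.8.8   ->", evaluate(NSG, "Outbound", "8.8.8.8", 443).name)
```

Running a check like this against the NSG's exported rules before relying on quarantine shows which existing Allow rules would still carry traffic from the isolated VM.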

Quarantine operations

Learn how to isolate threatened cloud resources, maintain controlled access, and safely restore sanitized workloads.

View quarantined resources

The Quarantine page, launched from the left navigation, lists the status of all quarantined resources in your Illumio tenant along with other details. Other Quarantine page options include:

Quarantine a resource

You quarantine a resource from the Resource Traffic page.

Insights > Resource Traffic

  1. Go to Insights > Resource Traffic.

  2. Filter to find the resource you want to quarantine.

  3. Click Quarantine and then click it again in the confirmation message.

Enable Controlled Access to quarantined resources

From the Administrative Tools tab, you can manage controlled access to quarantined resources by authorizing specific resources to communicate with them. This access enables investigation, recovery, and maintenance while quarantine remains enforced.

  1. Go to the Quarantine page in the left navigation.

  2. Click Administrative Tools.

  3. Click Add.

  4. Select the resource to which you want to grant controlled access to the quarantined resource.

  5. Click Add.

Restore a quarantined resource

A Restore option on the Quarantine page allows you to remove a resource from quarantine. When you restore a resource, Illumio removes the Quarantined label and removes the resource from the Quarantined Resources list.

  1. Make sure the resource you plan to restore has been properly sanitized.

  2. Go to the Quarantine page in the left navigation.

  3. Select the resource you want to restore, and then click Restore. Click Restore again in the confirmation message.

Remediate a failed quarantine attempt

Failed quarantine attempts are indicated in the status column. To remediate them, take the following actions in the listed order:

  • Look for an error message in the Details slide-out (click the clipboard icon to open). The message will describe the cause of the error. For the Missing Permissions error, see Address a missing permissions error.

  • Restore the resource and then try again to quarantine it. Often, this allows the quarantine to succeed.

  • See Illumio events to better understand the cause of the error.

Address a missing permissions error

To remediate the Missing Permissions error, configure the additional permissions for the given CSP.

  1. Click Set up Permissions.

  2. Follow the onscreen prompts to set up permissions. Steps vary according to the CSP of the resource. See vendor documentation for more information.