Getting Started with Illumio Insights

Quarantined Resources

When you quarantine a resource, Illumio blocks the resource's traffic according to the quarantine policy, except for resources that have been granted controlled access.

Important

For the Quarantine button to appear on the Resource Insights page, you must have a trial or paid Segmentation license.

Use the Quarantine dashboard to view the status of all the resources that have been quarantined.

  • Quarantined: The quarantine was successful.

  • Quarantine In Progress: The quarantine is still in progress and you must wait for it to complete.

  • Quarantine Failed: The quarantine failed. See Illumio events to understand the cause.

Note

Quarantine is available only on Cloud resources.

Use the Quarantine tab to restore a quarantined resource after you have sanitized it. Once restored, Illumio removes the quarantine label from the resource.

Use the Controlled Access tab to view, add, and remove controlled access resources, which are allowed to talk to a quarantined resource. When you add a machine, a dialog filter lets you quickly pick the one you want. Adding a machine means that it has permissions to talk to all quarantined resources.

Quarantine dashboard considerations

The Quarantine dashboard gives you visibility into how workloads are quarantined. Keep these considerations in mind when you use Illumio’s Quarantine dashboard.

Insights

  • Inbound traffic: Illumio creates a deny rule. This deny rule may take precedence over existing allow rules depending on the rule priority.

  • Outbound traffic: Illumio creates an override deny rule. This deny rule may take precedence over existing allow rules depending on the rule priority.

  • Supported enforcement points: To quarantine a resource, connect the resource to a security control (enforcement point) supported by Illumio Segmentation for the Cloud.

  • PaaS resources: Quarantine of a PaaS resource may not be effective if a public IP is assigned to it.

Illumio Segmentation for the Cloud

You can apply quarantine policies to workloads in the cloud. Because each cloud provider has its own security model, quarantine behavior may vary. Keep these considerations in mind.

  • Azure only: Quarantine is supported only in Azure.

  • Permissions: Quarantine requires write access. If an account is onboarded with read-only permissions, Illumio will honor that access level.

  • Policy preferences: Illumio enforces quarantine according to your selected policy preferences. For example, in Azure, if a VM has multiple controls (NIC NSG, subnet NSG, firewall), Illumio applies enforcement based on the setting you select.

  • Locked controls: If the resource controls are locked, Illumio will respect that lock and won’t modify the control.

  • Azure rule priorities: Illumio’s quarantine rules follow Azure’s priority logic, so higher-priority allow rules will continue to take effect.

  • Rule quotas: Quarantine rules are subject to the NSG rule quota.
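
The Azure rule priorities consideration above can be checked against an exported NSG. The following Python is an added example, not Illumio code: it lists allow rules that Azure evaluates before the quarantine deny rule in each direction. It assumes rules exported with `az network nsg rule list -o json`; the `quarantine-` name prefix is a placeholder (not Illumio's actual rule naming) and the sample rules are constructed.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json`.
# All names and priorities are invented; "quarantine-" is a placeholder
# prefix, not Illumio's actual rule naming.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-jumpbox-ssh", "direction": "Inbound", "access": "Allow",
   "priority": 150, "protocol": "Tcp", "destinationPortRange": "22"},
  {"name": "quarantine-deny-in", "direction": "Inbound", "access": "Deny",
   "priority": 300, "protocol": "*", "destinationPortRange": "*"},
  {"name": "allow-web", "direction": "Inbound", "access": "Allow",
   "priority": 400, "protocol": "Tcp", "destinationPortRange": "443"},
  {"name": "allow-dns-out", "direction": "Outbound", "access": "Allow",
   "priority": 110, "protocol": "Udp", "destinationPortRange": "53"}
]
""")


def audit_quarantine(rules, prefix="quarantine-"):
    """For each direction, list allow rules evaluated before the quarantine deny.

    Azure processes NSG rules in ascending priority number and stops at the
    first match, so an allow with a lower number than the deny still wins.
    A value of None means no quarantine deny rule exists for that direction.
    """
    report = {}
    for direction in ("Inbound", "Outbound"):
        scoped = [r for r in rules if r["direction"] == direction]
        denies = [r for r in scoped
                  if r["access"] == "Deny" and r["name"].startswith(prefix)]
        if not denies:
            report[direction] = None
            continue
        # The deny with the lowest priority number is evaluated first.
        cutoff = min(r["priority"] for r in denies)
        report[direction] = sorted(
            (r["priority"], r["name"]) for r in scoped
            if r["access"] == "Allow" and r["priority"] < cutoff)
    return report


if __name__ == "__main__":
    for direction, found in audit_quarantine(SAMPLE_RULES).items():
        print(direction, "no quarantine deny rule" if found is None else found)
```

Any rule the report lists should be reviewed to confirm it is intended to keep working while the resource is quarantined.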