Identifying and Managing Quarantined Users Manually

When IPS quarantines a user based on an attack, you can display and manage the states by locating the user link in the Active Users page.

• A small warning icon is displayed in front of the username.
• The linked username.
• An enabled Quarantined option button on the specific user’s page. If the user is not quarantined, the option button is disabled.

To manage quarantined users:

1. Locate Identify quarantined users at System > Status > Active Users.
2. The quarantined user and click on the username link. The user page opens, showing a number of options.
3. Click Disabled to disallow a user from authenticating.
4. Click Quarantined to leave a user in a quarantined state. The Quarantined option is enabled only if the user is already quarantined.

   IPS assigns quarantined users to the quarantined role, regardless of their log in realm.

5. Click Save Changes.

   To re-enable previously quarantined or disabled users, select Authentication > Auth. Servers > Select Server > Users and click the link for the given user.

   You can also disable users from this location.

6. Click Enabled to release the user from quarantine.
7. Click Save Changes.