Quarantine Control overview

Quarantine Control provides phased network access for remote clients, also known as virtual private network (VPN) clients, by restricting them to a quarantine mode before allowing them access to the network. After the client computer configuration is either brought into or determined to be in accordance with your organization's specific quarantine restrictions, standard VPN policy is applied to the connection, in accordance with the type of quarantine you specify. Quarantine restrictions might specify, for example, that specific antivirus software is installed and enabled while connected to your network. Although Quarantine Control does not protect against attackers, computer configurations for authorized users can be verified and, if necessary, corrected before users can access the network. A timer setting is also available, which you can use to specify an interval at which the connection is dropped, if the client fails to meet configuration requirements.

With Microsoft Internet Security and Acceleration (ISA) Server 2006, you can select how to enable quarantine mode:

You can also choose to disable quarantine mode.

For instructions, see Enable Quarantine Control.

Quarantine Control is an option available to you as a means of controlling the compliance of VPN clients with your corporate security requirements. Note that when quarantine mode is disabled, all remote VPN clients with appropriate authentication permissions are placed in the VPN Clients network, and will have the access you have allowed the VPN Clients network in your firewall policy.

Quarantine Control for ISA Server works with Routing and Remote Access to provide a means of restricting VPN client access to corporate networks. With ISA Server, you can require that a newly connected VPN client is assigned to the Quarantined VPN Clients network, with a restrictive firewall policy, until the client's Connection Manager indicates that the client is in compliance with corporate connection policy.

Quarantine Control relies on the Connection Manager profile you create for your VPN clients. Connection Manager profiles are created with the Connection Manager Administration Kit (CMAK) provided in Windows Server 2003 and Windows 2000 Server. The Connection Manager profile contains:


web link Get latest ISA Server content at ISA Server Guidance.
Send feedback about this page Send feedback about this page.