You are here
Quick Tip: ISE 2.x Unquarantine EPS Endpoint
This is something that we learnt while we were doing some testing on ISE 2.x pxGrid integration with Lancope Stealthwatch. If you have your endpoints quarantined from Lancope Stealthwatch (or any other EPS subscriber systems) but for some reason fail to unquarantine them, you might find your endpoints being stuck in the EPS-Quarantine state forever. As of ISE 2.0 Patch2 and 2.1, you can manually unquarantine any endpoints from ISE using their MAC addresses. Problem solved!!!
Go to Operations > ANC > Endpoint Assignment then click EPS Unquarantine
Enter the endpoint MAC address and click Unquarantine. This should cause a CoA to go out and force the endpoint to reauthenticate, hopefully no longer hit your quarantine authorization policy.