Device Isolation
  • 02 Sep 2025

      The Device Isolation feature provides a preventive layer of protection by restricting a device from communicating with other devices on the local network (LAN) while it is connected to the VPN (organizational private resources).

      To enable Device Isolation:

      1. Access the Harmony SASE Administrator Portal and click Team > User Profiles.
      2. Click Add Configuration Profile.
      3. Go to the Network Configuration section.
      4. Turn on the Block LAN traffic while connected to a Private network toggle button.

      By enabling this feature, the device is protected from potentially unsafe or untrusted local traffic, reducing exposure to risks while still allowing secure communication with external resources and the public internet.

      Notes:
      • This setting applies only to Windows and macOS devices.
      • Supported Agent Version - 11.6 and higher.

      When Device Isolation is turned on:

      • All local network traffic is blocked - While connected to the VPN, the device cannot send traffic to or receive traffic from any device on the local network, for example, printers, shared folders, or local servers.
      • Internet and external VPN traffic remains unaffected - Outbound traffic is still routed through the VPN to external destinations, allowing continued access to organizational and public internet resources.
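
One way to verify the behavior listed above from an enrolled device, as an added example that is not part of the Harmony SASE documentation or product: probe the same destinations before and after connecting to the VPN and compare the results. The subnet, hosts and ports are constructed placeholders, and hostnames are assumed to be non-LAN destinations.

```python
import ipaddress
import socket

def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_all(targets, probe=tcp_probe):
    """Map each (host, port) target to its reachability."""
    return {t: probe(*t) for t in targets}

def is_lan(host, lan_cidr):
    """True if host is an IP literal inside the local subnet."""
    try:
        return ipaddress.ip_address(host) in ipaddress.ip_network(lan_cidr, strict=False)
    except ValueError:
        return False  # assumption: hostnames are treated as non-LAN

def assess(lan_cidr, baseline, isolated):
    """Compare reachability before (baseline) and after (isolated) VPN connect.
    LAN targets must become unreachable; other targets must stay reachable.
    A target that was already unreachable in the baseline proves nothing."""
    verdicts = {}
    for target, after in isolated.items():
        before = baseline.get(target, False)
        if is_lan(target[0], lan_cidr):
            verdicts[target] = "LEAK" if after else ("blocked" if before else "inconclusive")
        else:
            verdicts[target] = "ok" if after else ("broken" if before else "inconclusive")
    return verdicts

if __name__ == "__main__":
    # Constructed sample values: replace with your own subnet and hosts.
    LAN_CIDR = "192.168.1.0/24"
    TARGETS = [
        ("192.168.1.50", 9100),  # local printer (constructed)
        ("192.168.1.10", 445),   # local file share (constructed)
        ("example.com", 443),    # public internet resource
    ]
    baseline = probe_all(TARGETS)
    input("Connect to the VPN with the isolation profile applied, then press Enter... ")
    for (host, port), verdict in assess(LAN_CIDR, baseline, probe_all(TARGETS)).items():
        print(f"{verdict:12} {host}:{port}")
```

A `LEAK` verdict means a LAN destination is still reachable while connected; `inconclusive` means the target was already unreachable before connecting, so pick a host that answers in the baseline.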

      Use Case

      Enable Device Isolation in high-security environments or scenarios where:

      • Devices are operating in potentially untrusted networks, for example, public Wi-Fi.
      • You want to enforce stricter lateral movement prevention.
      • Reducing the attack surface within the internal network is a priority.
