What is a Reputation Filter? A Reputation filter associates an action set with one or more of entries in the Reputation Database. Possible actions include: block, permit, notify, and trace. When the profile containing the Reputation filter is distributed to a device, the specified actions are applied to traffic that matches the addresses of tagged entries in the Reputation Database that have been screened using specified tag criteria.
What is Quarantine? The Quarantine option enhances your devices to contain or remove offending network users or devices and provides the ability to automate sophisticated responses to security events. By enabling quarantine with a Block action set, you reduce the exposure of your network to internal and external threats.
Use Case Description: When using quarantine actions sets with reputation filters, the quarantine action will apply to the hosts attempting to communicate with the reputation entries. For example, if host1 is in the reputation database with an action set of quarantine and host2 attempts to communicate with host1, host2 will be quarantined and all other communications from host2 will be blocked. Its best practice to add quarantine action exceptions for hosts that you would never want to quarantine (E.g. Default Gateway, DNS/SMTP Servers, etc.).
