We have multiple sites each with their own pair of MX's that are configured with WAN1 for ISP1 (primary) and WAN2 for ISP2 (failover). If we receive a report that a ransomware message appears on a client's PC, we want to remotely disconnect that entire site from the internet (and our VPN).
One way to do this is to simply power off the MX's or disable their network connectivity. However, we (IT admins) are not at each site and we don't know how to do this remotely. I understand from another post on this forum that you cannot remotely disable both WAN ports.
Please advise on a solution? With the increasing threat of ransomware, we need a "red button" to push so we can quickly isolate a site from the network.