elastic · joepeeples · Jul 31, 2024 · Jul 17, 2024 · Jul 17, 2024 · Jul 17, 2024
@@ -12,7 +12,12 @@ Host isolation exceptions support IPv4 addresses, with optional classless inter-
 You must have the *Host Isolation Exceptions* <<endpoint-management-req,privilege>> to access this feature.
 --
 
-IMPORTANT: Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading.
+[IMPORTANT]
+====
+* Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading.
+
+* If your hosts depend on VPNs for network communication, you should also set up host isolation exceptions for those VPN servers' IP addresses.
+====
 
 Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy.
 

@@ -22,7 +22,9 @@ You must have the appropriate user role to use this feature.
 </DocCallOut>
 
 <DocCallOut title="Important" color="warning">
-Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading.
+* Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading.
+
+* If your hosts depend on VPNs for network communication, you should also set up host isolation exceptions for those VPN servers' IP addresses.
 </DocCallOut>
 
 Host isolation requires the Endpoint Protection Complete <DocLink slug="/serverless/elasticsearch/manage-project" text="project feature"/>. By default, a host isolation exception is recognized globally across all hosts running ((elastic-defend)). You can also assign a host isolation exception to a specific ((elastic-defend)) integration policy, affecting only the hosts assigned to that policy.