Full Isolation — Use Browser Isolation for Websites Based on Your Own Selection
You can use Remote Browser Isolation (RBI) for any website that users request access to if you consider this access a risk. You can also configure exceptions and other settings.
Under Skyhigh Security Service Edge, the RBI version where you can enable browser isolation for any website is referred to as Full Isolation.
You must purchase an additional license from Skyhigh Security to be able to use the Full Isolation version of browser isolation.
- On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
-
From the policy tree in the navigation panel, select Browser Isolation > Full Isolation.
The selected rule set appears in the configuration area on the right. -
Configure when this rule set should apply.
-
Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all web traffic.
- Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.
-
-
To let some requests skip the remainder of this rule set, which means the browser isolation rules are not processed for these requests, configure lists for the skipping rules that are preset here. They are shown under Preset Rules.
You can configure entries for domains, IP address, URL categories, and reputation risk levels in these lists.
Click the three dots at the end of the line for a rule and work with the options for list handling that are provided. Or click the name of the list for a rule, for example, Domains (Smart Match), to work with these options.
For the reputation risk levels, click the list name and select a level, for example, Medium.
You can also enable a rule with a list of domains, IP addresses, and URL categories recommended for skipping browser isolation that is maintained by Skyhigh Security. For this list, you need not fill in entries. - Under Always Isolate, leave the default All traffic or select Items in these lists to enable or disable rules that apply full isolation only to the web objects you have filled in these lists.
You can fill entries for domains, IP addresses, URL categories, and reputation risk levels.
When a user requests access, for example, to a domain that is in a list, this access is only granted with full isolation.
For each rule that is enabled, click the three dots at the end of its line and fill entries in the list that appears. Or click the name of the list for a rule, for example, Domains (Regex), to fill in entries.
For the reputation risk levels, click the list name and select a level, for example, Medium.
You can also enable a rule that applies full isolation to any website that has not been assigned to a URL category. For this rule, you need not fill entries in a list. -
Under Isolated Clipboard Control, configure use of the clipboard when full isolation applies.
-
Allow use of the clipboard for all domains. Click Add Exceptions if needed and fill in exceptions that are not allowed in the list that appears.
You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided. -
Block use of the clipboard for all domains. Click Add Exceptions if needed and fill in exceptions that are not blocked in the list that appears.
You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided. -
Block or allow copying data from the web to the clipboard on a user's system.
-
Block or allow pasting data from the clipboard on a user's system to the web.
-
Allow an unlimited number of characters for copying and pasting data. Or click Max characters for clipboard paste and Max characters for clipboard copy, respectively, to enter limits.
-
-
Under Isolated File Upload Control, configure how to handle file uploads when full isolation applies.
-
Allow file uploads for all domains. Click Add Exceptions if needed and fill in exceptions that are not allowed in the list that appears.
You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided. -
Block file uploads for all domains. Click Add Exceptions if needed and fill in exceptions that are not blocked in the list that appears.
You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.
-
-
Under Isolated File Download Control, configure how to handle file uploads when full isolation applies.
-
Allow file downloads for all domains. Click Add Exceptions if needed and fill in exceptions that are not allowed in the list that appears.
You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided. -
Block file downloads for all domains. Click Add Exceptions if needed and fill in exceptions that are not blocked in the list that appears.
You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.
-
-
Under Browser Settings, configure what to allow regarding file uploads and cookies on a user's system when browser isolation applies.
Select Block cookie storage on local machine or leave it disabled, which means cookie storage is allowed.
-
Under License Management, configure what to do when browser isolation cannot be applied because the number of licenses you purchased is exceeded.
Leave the preset Block all sites that would otherwise have been isolated rule enabled or disable it. If you disable it, users can access these websites without browser isolation.
You have now configured browser isolation for websites where you consider accessing them a risk, including exceptions and other settings.