Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Enable Remote Browser Isolation for Any Website

You can enable browser isolation for any website that users request access to if you consider this access a risk.You can also specify exceptions and other settings

Browser isolation is also known as Remote Browser Isolation (RBI). Under Skyhigh Security Service Edge, the mode of browser isolation where browser isolation can be enabled for any website is referred to as full isolation.

NOTE: You must obtain an additional license from Skyhigh Security to enable the full isolation mode of browser isolation.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
  2. From the policy tree, select Browser Isolation > Full Isolation.
  3. Under These rules will apply to all traffic, leave the default scope, which applies the rules in this rule set to all traffic, or click Edit and select criteria to limit this scope. You can limit the scope, for example, to depend on location or client IP addresses.
  4. Enable or disable the rules that are displayed here as needed to specify where not to apply full isolation.
    For each rule that is enabled, click ... in the same line and fill entries in the list that appears. You can fill entries for:
    • Domains (specified by their names)
    • Domains (specified by Regex terms)
    • IP addresses
    • URL categories
    • Risk categories

      You can also enable a rule that relies on a list of domains, IP addresses, and URL categories maintained by Skyhigh Security.

      Full isolation is skipped then for the web objects specified by you or Skyhigh Security.

      For example, when a user requests access to a domain that is in a list, access is granted without applying full browser isolation unless another web policy rule forbids this access.
       
  5. Under Always Isolate, leave the default All traffic, or select Specific domains, IP addresses, or URL categories to enable or disable rules as needed to apply full isolation only to the web objects you specify.

    For each rule that is enabled, click ... in the same line and fill entries in the list that appears. You can fill entries for:
    • Domains (specified by their names)
    • Domains (specified by Regex terms)
    • IP addresses
    • URL categories
    • Risk categories

      Full isolation is always applied then to the specified web objects. For example, when a user requests access to a domain that is in a list, access is only granted with full isolation.

      You can also enable a rule that applies full isolation to any web object that has not been assigned to a URL category. For this rule, you need not fill entries in a list.
       
  6. Under Isolated Clipboard Controls, select options to specify how to handle copying and pasting on the clipboard of a user's system when full isolation applies.
    1. Permit or block use of the clipboard for some domains (specified by Regex terms).
    2. Select an option and click ... in the same line, then fill entries in the list that appears.
    3. Permit copying data from the web to the clipboard.
    4. Permit pasting data from the clipboard to the web.
    5. Allow an unlimited number of characters for copying and pasting or click Max characters for clipboard copy and Max characters for clipboard paste, respectively, to enter limits.
       
  7. Under Isolated File Upload Control, permit or block file uploads from a user's system to the web for some domains (specified by Regex terms) when full isolation applies.

    For each domain, you can further specify the file types that should be permitted or blocked.

    Select an option and click ... in the same line, then fill entries in the list that appears.
     
  8. Under Isolated File Download Control, permit or block file downloads from the web to a user's system for some domains (specified by Regex terms) when full isolation applies.

    For each domain you can further specify the file types that should be permitted or blocked.

    Select an option and click ... in the same line, then fill entries in the list that appears.
     
  9. Under Browser settings, specify how to handle cookies on a user's system when full isolation applies.

    Select Block cookie storage on local machine or leave the default, which allows cookie storage.
     
  10. Under License management, specify what to do if under your license, the maximum number of users that full isolation can be enabled for is exceeded.

    Leave the default Block all sites that would otherwise have been isolated or disable it. If you disable it, users can access these sites without full isolation.

You have now enabled browser isolation as full isolation, which can apply to any website that users request access to, depending on the settings you have specified.

  • Was this article helpful?