You can enable Remote Browser Isolation (RBI) when allowing a user's request to access a website is considered a risk. You can also specify exceptions as well as other settings.
The web security functions that are implemented under Security Service Edge determine whether access to a website is considered a risk.
If a website is considered a risk at a given point in time, it does not mean that this evaluation is to remain forever. On the other hand, a website that is not considered a risk now might be considered one later.
This is because websites can change over time regarding their maliciousness. Also, the risk algorithm used to rate websites is continually getting better.
On the user interface, select Policy > Web Policy > Policy.
From the policy tree, select Browser Isolation > Risky Web.
Under These rules will apply to all traffic, leave the default scope, which applies the rules in this rule set to all web traffic, or click Edit and select criteria to limit this scope. You can limit the scope, for example, to depend on location or client IP addresses.
Enable or disable the rules that are displayed here as needed to specify where not to apply browser isolation.
For each rule that is enabled, click ... (three dots) in the same line and fill entries in the list that appears. You can fill entries for:
- Domains (specified by their names)
- Domains (specified by Regex terms)
- IP addresses
- URL categories
- Risk categories
Browser isolation is skipped for the specified web objects.
For example, when a user requests access to a domain that is in a list, access is granted without applying browser isolation unless another web policy rule forbids this access.
Under Session handling, specify what to do when browser isolation cannot be enabled.
Leave the default Block all sites that would otherwise have been isolated or disable it. If you disable it, users can access these websites without browser isolation.
Under Browser controls specify what to allow regarding file uploads and cookies on a user's system when browser isolation applies.
- Block or allow file uploads from a user's system to the web and downloads in reverse order.
- Block or allow storing cookies on a user's system.
Under Clipboard controls specify what to allow with regard to copying and pasting clipboard data when browser isolation applies.
- Impose no restrictions.
- Allow copying and pasting only within the same browser isolation session.
- Block any copying and pasting.
You have now enabled browser isolation for websites that are considered a risk with the exceptions and other settings you have specified.