Skip to main content
Skyhigh Security

Full Isolation — Use Browser Isolation for Websites Based on Your Own Selection

You can use Remote Browser Isolation (RBI) for any website that users request access to if you consider this access a risk. You can also configure exceptions and other settings.

Under Skyhigh Security Service Edge, the RBI version where you can enable browser isolation for any website that you consider a risk is referred to as Full Isolation.

You must purchase an additional license from Skyhigh Security to be able to use the Full Isolation version of browser isolation.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
  2. From the policy tree in the navigation panel, select Browser Isolation > Full Isolation.

    The selected rule set appears in the configuration area on the right.

  3. Configure when this rule set should apply.

    • Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all web traffic.

    • Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.

      clipboard_e6b88e0ebe60e06ab4458e18b1bb2f20d.png
  4. To let some requests skip the remainder of this rule set, which means the browser isolation rules are not processed for these requests, configure lists for the skipping rules that are preset here. They are shown under Preset Rules.

    You can configure entries for domains, IP address, URL categories, and reputation risk levels in these lists.

    clipboard_e46b92939d2dbdac6643e69673455434f.png

    Click the three dots at the end of the line for a rule and work with the options for list handling that are provided. Or click the name of the list for a rule, for example, Domains (Smart Match), to work with these options.

    For the reputation risk levels, click the list name and select a level, for example, Medium.

    clipboard_e28b62e68f0dfedd2287b163edc1e29e4.png

    You can also enable a rule with a particular list of domains, IP addresses, and URL categories recommended for skipping browser isolation. This list is maintained by Skyhigh Security, which means you need not fill in entries for this list.

  5. Under Always Isolate, leave the default All traffic or select Items in these lists to enable or disable rules that apply full browser isolation only to the web objects you have filled in these lists.

    You can fill entries for domains, IP addresses, URL categories, and reputation risk levels.

    When a user requests access, for example, to a domain that is in a list, this access is only granted with full browser isolation.

    clipboard_ef67c5c3f6cf06650e62d8a0b9d55c6de.png

    For each rule that is enabled, click the three dots at the end of its line and fill entries in the list that appears. Or click the name of the list for a rule, for example, Domains (Regex), to fill in entries.

    For the reputation risk levels, click the list name and select a level, for example, Medium.

    clipboard_e6fcef1e588c016d6610102ae726b1c87.png

    You can also enable a rule that applies full isolation to any website that has not been assigned to a URL category. For this rule, you need not fill entries in a list.
  6. Under Isolated Clipboard Control, configure use of the clipboard when full browser isolation is applied.

    clipboard_e9c39b5936d47b5a76d130bbbaa9c1764.png

    1. Allow use of the clipboard for all domains. Click Add Exceptions if needed and fill in exceptions that are not allowed in the list that appears.

      You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.

    2. Block use of the clipboard for all domains. Click Add Exceptions if needed and fill in exceptions that are not blocked in the list that appears.

      You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.

    3. Block or allow copying data from the web to the clipboard on a user's system.

    4. Block or allow pasting data from the clipboard on a user's system to the web.

    5. Allow an unlimited number of characters for copying and pasting data. Or click Max characters for clipboard paste and Max characters for clipboard copy, respectively, to enter limits.

  7. Under Isolated File Upload Control, configure how to handle file uploads when full browser isolation is applied.

    clipboard_e338dad47749d1352335437c8883a449a.png

    1. Allow file uploads for all domains. Click Add Exceptions if needed and fill in exceptions that are not allowed in the list that appears.

      You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.

    2. Block file uploads for all domains. Click Add Exceptions if needed and fill in exceptions that are not blocked in the list that appears.

      You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.

  8. Under Isolated File Download Control, configure how to handle file uploads when full browser isolation is applied.

    clipboard_edfec69377bb6f15994d14849a47da134.png

    1. Allow file downloads for all domains. Click Add Exceptions if needed and fill in exceptions that are not allowed in the list that appears.

      You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.

    2. Block file downloads for all domains. Click Add Exceptions if needed and fill in exceptions that are not blocked in the list that appears.

      You can also click the three dots at end of the line for the rule and work with the options for list handling that are provided.

  9. Under Browser Settings, configure whether storing cookies on a user's system is allowed when full browser isolation is applied. You can also disable the browser isolation indicator here.

    • Select Block cookie storage on local machine or leave it disabled, which means cookie storage is allowed.

    • Select Disable Browser isolation indicator or leave it disabled. If you select this option, the browser isolation indicator is disabled.

      This indicator is a green border, which is shown around a web page in the user's browser when full browser isolation is applied. It is shown to indicate that this web security measure is in place. If the indicator is disabled, browsing the web is still protected by full browser isolation, but this web security measure is hidden.

      If you leave this option disabled, the green border is shown to indicate that browser isolation is applied.

      clipboard_e625978f98f3cf35d4e67643fc73091db.png

  10. Under License Management, configure what to do when full browser isolation cannot be applied because the number of licenses you purchased is exceeded.

    Leave the preset Block all sites that would otherwise have been isolated rule enabled or disable it. If you disable it, users can access these websites without browser isolation.

    clipboard_eccc6d06b1d88e6c8c769f12be07e780d.png

You have now configured full browser isolation for websites if you consider accessing them a risk, including exceptions and other settings.

  • Was this article helpful?