Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Remote Browser Isolation - Best Practices

  1. Last updated
  2. Save as PDF

Skyhigh recommends noting the following best practices to optimize your Remote Browser Isolation (RBI) experience and ensure secure usage:

  • It is strongly recommended that administrators should update end users' browsers to the latest version when accessing the RBI to ensure a seamless experience and optimal performance. For more details about supported browsers, see Supported Browsers.

  • When configuring Next Hop Proxy (NHP) to SSE for purposes of using RBI:

    • NHP should be sticky by user, sticky by IP is fine if addresses hitting the child proxy are unique by user. The entire rbi.skyhigh.cloud domain (*.rbi.skyhigh.cloud) must be configured to NHP to SSE

  • Disable:

    • TLS/DLP/GAM scanning on any intermediate devices between your client and the RBI POP for *.session.rbi.skyhigh.cloud

    • Turn Off WebSockets inspection for *.skyhigh.cloud

  • Avoid

    • YouTube and other media streaming services for entertainment purposes on RBI. Evaluate the associated risks when deciding whether to block or bypass media streaming sites on RBI.

  • Bandwidth Guidance

    • If you encounter performance challenges, you can run an internet speed test, such as the Cloudflare speed test at https://speed.cloudflare.com/. Make sure that your connection meets the following minimum requirements:

      Download Speed >= 25Mbps
      Latency <= 40ms
      Jitter <= 7ms

Note: These numbers are based on a standard 1080P desktop resolution and video quality. While this serves as a guideline, your experience may be affected by other factors. If you are experiencing any performance issues despite meeting the above requirements, contact Skyhigh Support.

Traffic Allow / Redirect Rules

  • Make sure the SCP policy bypass list does not include (redirect):

    • skyhigh.cloud

    • rbi.skyhigh.cloud

    • bootstrap.rbi.skyhigh.cloud

RBI FulI Isolation

  • Recommends not to use YouTube and other media streaming services for entertainment purposes on RBI Full Isolation.

  • If the RBI Full Isolation license is not available:

    • Ensure the URL Filtering rule sets are configured to block high and medium risk reputation sites.

    • Block or allow uncategorized sites. RBI Risky Web will take action on uncategorized and unverified sites by default.

Traffic Bypass Rules

  • Set a bypass rule in the URL Filtering rule set specifically to block uncategorized sites for testing RBI Risky Web.

NOTE: The administrators need this as a tool to verify the feature's functionality, with nopixels.com as an example site. 

  • Set a bypass rule in the Risk Web rule for the URL Categories Stream Media and Web Meetings.
    • Organizations can add more URLs based on the requirements.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.