Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Remote Browser Isolation - Best Practices

  1. Last updated
  2. Save as PDF

Skyhigh recommends noting the following best practices to optimize your Remote Browser Isolation (RBI) experience and ensure secure usage:

  • It is strongly recommended that administrators should update end users' browsers to the latest version when accessing the RBI to ensure a seamless experience and optimal performance. For more details about supported browsers, see Supported Browsers.

  • The end-user connection must maintain a minimum download bandwidth of 50 Mbps, suitable for most broadband connections, including Wi-Fi.

  • When configuring Next Hop Proxy (NHP) to SSE for purposes of using RBI:

    • NHP should be sticky by user, sticky by IP is fine if addresses hitting the child proxy are unique by user. The entire rbi.skyhigh.cloud domain (*.rbi.skyhigh.cloud) must be configured to NHP to SSE

  • Disable:

    • TLS/DLP/GAM scanning on any intermediate devices between your client and the RBI POP for *.session.rbi.skyhigh.cloud

    • Turn Off WebSockets inspection for *.skyhigh.cloud

  • Avoid

    • YouTube and other media streaming services for entertainment purposes on RBI. Evaluate the associated risks when deciding whether to block or bypass media streaming sites on RBI.

Traffic Allow / Redirect Rules

  • Make sure the SCP policy bypass list does not include (redirect):

    • skyhigh.cloud

    • rbi.skyhigh.cloud

    • bootstrap.rbi.skyhigh.cloud

RBI FulI Isolation

  • Recommends not to use YouTube and other media streaming services for entertainment purposes on RBI Full Isolation.

  • If the RBI Full Isolation license is not available:

    • Ensure the URL Filtering rule sets are configured to block high and medium risk reputation sites.

    • Block or allow uncategorized sites. RBI Risky Web will take action on uncategorized and unverified sites by default.

Traffic Bypass Rules

  • Set a bypass rule in the URL Filtering rule set specifically to block uncategorized sites for testing RBI Risky Web.

NOTE: The administrators need this as a tool to verify the feature's functionality, with nopixels.com as an example site. 

  • Set a bypass rule in the Risk Web rule for the URL Categories Stream Media and Web Meetings.
    • Organizations can add more URLs based on the requirements.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.