Just like how you can use Gateway to allow or block traffic based on content categories or security threats, you can define Isolation policies to dynamically isolate websites based on identity, security threats or content. To build Browser Isolation policies, navigate to Policies > HTTP policies on the Teams Dashboard. In the rule builder, choose the Isolate or Do not Isolate actions to enable or disable isolation for certain websites or content.
When an HTTP policy applies the Isolate action, the user's web browser is transparently served an HTML compatible remote browser client. Isolation policies can be applied to requests that include
Accept: text/html*. This allows Browser Isolation policies to co-exist with API traffic.
If you'd like to isolate all security threats, you can set up a policy with the following configuration:
|Security Threats||In||All security threats||Isolate|
If instead you need to isolate specific hostnames, you can list the domains you'd like to isolate traffic to:
Do Not Isolate
You can choose to disable isolation for certain destinations or categories. The following configuration disables isolation for traffic directed to
|Host||In||Do Not Isolate|
Malware and zero-day threats are not the only security challenges administrators face with web browsers. The mass adoption of SaaS products has made the web browser the primary tool used to access data. Lack of control over both the application and the browser has left administrators little control over their data once it is delivered to an endpoint.
All the following settings can be applied to websites through Applications, Lists, Domain and Hostname expressions.
Disable copy / paste
- Behavior. Prohibits users from copying and pasting content between a remote web page and their local machine.
- Use Case. .
- Behavior. Prohibits users from performing keyboard input into the remote page.
- Use Case. Prevent users inputting sensitive information into unknown/untrusted websites.
- Behavior. Prohibits users from uploading files from their local machine into a remote web page.
- Use Case. Protect sensitive data from being exfiltrated to unknown/untrusted websites.
- Behavior. Prohibits users from exporting files from the remote browser to their local machine.
- Use Cases. Protect users from downloading files from unknown/untrusted sources, and protect sensitive content in self-hosted or SaaS applications from data loss.