Remote Browser Isolation in China
Remote Browser Isolation is available in China to help protect your manged device users
from browser and web-based attacks through isolation.
| Where Can I Use This? | What Do I Need? |
|---|
|
|
- Prisma Access China 5.2.0 license with the Mobile User or
Remote Networks license subscription
- Minimum Prisma Access
dataplane version:
11.2.3
|
Remote Browser Isolation (RBI) extends its service and associated infrastructure within China's
geographic boundary. Enterprises in China can benefit from the fully integrated solution
of RBI and Prisma Access to isolate all malware, including
zero-day attacks that result from browsing and web activity, away from your users'
managed devices and your network.
RBI China is supported on
Prisma Access in China (
Prisma Access
China limitations and conditions apply).
RBI-enabled tenants
(instances) in China are separate from the rest of the world's tenants, and only support
the traffic from the supported
Prisma Access connection methods (Mobile User,
Explicit Proxy, and Remote Networks).
The capabilities available in
RBI China are the same as the
RBI
capabilities for the rest of the world. However, note the following
differences:
- You can onboard RBI China only on Strata Cloud Manager Managed Prisma Access China tenants. The tenants can
be new or existing tenants.
- You cannot use RBI China locations with Prisma Access tenants hosted in the rest of
the world. To use RBI China locations, you will have to manage a separate tenant.
See Prisma Access in China for the list of
differences between Prisma Access and Prisma Access China.
- RBI China allows domestic local traffic to egress locally and allows international
traffic to go through cross-border lease lines to bypass China's internet censorship
system, through the Service Connection.
- Communications between RBI components deployed within China to
components outside of China (such as license activation, Strata Cloud Manager, and
so forth) will go through a secure bridge with a separate root of trust.
- Autonomous DEM, Visibility and Insights, and AIOps integrations are not
supported.
- Remote Networks fall back on high availability is not supported.
The following licensing and activation considerations apply:
- You can activate Prisma Access China SKUs with the RBI SKU, when you select the
RBI SKU.
- RBI China uses the same RBI SKUs and pricings as the rest of the world.
- Activate RBI China only on Prisma Access China
tenants.
All Prisma Access China compute and edge locations support the localization of RBI sessions.
For RBI users, the following Prisma Access conditions apply:
When a managed device user visits China, they won't be able to use RBI in China unless they connect to a Prisma Access
China tenant. If China's internet censorship system allows, they can still
access their respective RBI instances, although the latency
could be high.
Similarly, if an RBI China user travels outside of China,
they won't be able to use RBI for the rest of the world
unless they connect to a Prisma Access tenant hosted outside of China.
