How Remote Browser Isolation Works
Focus
Focus
Remote Browser Isolation

How Remote Browser Isolation Works

Table of Contents

How Remote Browser Isolation Works

Learn how Remote Browser Isolation protects your users by offering a secure isolated browsing experience.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
Remote Browser Isolation (RBI) protects your managed users through isolation, by ensuring that websites load in a protected air-gapped environment and that no malicious code executes on the browser on their managed devices.
You can safeguard your users' browsing experience by taking the following steps during Remote Browser Isolation onboarding:
  • Create isolation profiles that determine what browser actions a user is permitted to take during an isolated browsing session. For example, you can prevent the user from copying, downloading, and printing anything from an isolated website. This way, you can minimize potential data loss when users try to copy, download, or print sensitive data from isolated websites.
  • Create or update a URL access management profile and attach the isolation profile to it. In the URL access management profile, you can set up access control for specific URL website categories that undergo isolation during browsing, and associate an isolation profile that defines the permitted browser actions for websites in those categories.
  • Set up additional Cloud-Delivered Security Services, such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, and SaaS Security, and apply them to traffic from isolated browsing sessions.
RBI is available in the following Prisma Access locations:
  • Australia Southeast (Sydney)
  • Belgium
  • Finland
  • India South
  • Japan
  • Singapore
  • Taiwan
  • US-Central (Chicago)
  • US East
  • US West
Your users can connect to Prisma Access using Prisma Access Mobile Users or Prisma Access Remote Networks.

Isolation Browser Behavior

When users on managed devices connect to the Prisma Access infrastructure using the Mobile Users or Remote Networks connection method, they can browse a website in isolation if the website belongs to a URL category that you have designated for isolation.
Your managed users on the supported desktop and mobile devices can use the following 64-bit web browsers for isolated browsing. A — indicates that the operating system and browser combination is not supported.
Operating SystemFirefoxGoogle ChromeMicrosoft EdgeSafari
Android
iOS
iPadOS
macOS
Windows
URLs shown on the remote browser will look the same as the original URLs, with no prefixes added to the addresses. When a user tries to perform browser actions that you prohibited, RBI notifies them with pop-up notifications.
If the user accesses a link on a non-isolated website, the URL of the link is matched against isolation security policies for the connection method (GlobalProtect, Explicit Proxy, or Remote Networks). When there is a policy match, the browser session gets isolated.
When users encounter issues during isolated browsing, they can report the problem from the isolated browser.
You can apply any security profiles on Prisma Access to the traffic from RBI to the destination websites.
For information about the browsing experience on desktop and mobile devices, see Isolated Browsing Experience and Mobile Browsing Experience.

Supported File Types for Viewing Files in Isolation

The following types of file are supported for viewing in isolation browsing sessions:
  • Microsoft Word (.doc, .docm, .docx)
  • Microsoft Excel (.xls, .xlsm, .xlsx)
  • Microsoft PowerPoint (.ppt, .pptm, .pptx)
  • Adobe PDFs
The following file types are not supported for viewing in RBI:
  • OpenOffice Text (.odt)
  • OpenOffice Spreadsheet (.ods)
  • OpenOffice Presentation (.odp)
  • Ichitaro (.jtd)
  • Visio (.vsd, .vsdx)
  • Rich Text Format (.rtf)
  • CSV
  • Text (.txt)