Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSASE Administration Guide

    RBI

    RBI

    To mitigate web-based threats for end users proxying traffic through FortiSASE, you can enable remote browser isolation (RBI) to isolate browser sessions of certain websites or categories in an isolated environment, which renders content safely in a remote container.

    Note

    RBI is a beta feature that is not enabled by default on new instances. It has several constraints and is subject to continual improvements.

    Also, it requires a FortiSASE instance with an Advanced remote users FortiSASE license. See Licensing.
    Note

    Each user is entitled to a maximum number of simultaneous isolated sessions and isolation data per month. When the limit is exceeded, traffic configured to be isolated will be blocked. See Licensing.

    Currently, RBI is supported for SWG users.

    Prerequisites

    The following requirements must be met for the feature to be available in the GUI:

    • A request for enabling the RBI beta feature for the existing FortiSASE instance has been made by creating a new ticket with FortiCare Support.

    • The FortiSASE instance has an Advanced remote users license applied to it.
    • The FortiSASE deployment is deployed in a Fortinet data center only (see Global data centers).

    • SWG is enabled under System > SWG Configuration. See SWG Configuration.

    Licensing

    The FortiSASE instance must have an Advanced remote users license applied to it. For RBI limitations with an Advanced license, see RBI.

    Configuration options

    When you enable RBI, the following configuration options are available:

    Maximum sessions per endpoint

    Maximum number of concurrent RBI sessions allowed for each user. Default is 5. Valid range is 1-5.

    Authentication interval (hours)

    Interval (in hours) after which users will be prompted to re-authenticate for any isolated traffic and web requests.
    Stream Quality

    Quality of streamed videos. Higher quality means more bandwidth usage.

    Allow endpoint browser cookie

    Specifies whether to allow users to store cookies from isolated browser sessions.
    Allow copy & paste

    Specifies whether to allow client users to copy and paste content from isolated sessions to the clipboard using the keyboard or right-click menu.

    To enable copying content from isolated sessions using the right-click menu, the Allow right-click option must be enabled.
    Allow right-click

    Specifies whether to allow end users to right click on mouse to display a menu.
    Allow print to PDF

    Specifies whether to allow end users to print the isolated session pages into a PDF file.
    Block uploads/downloads by filetype Enable to select the file types to block from uploading and downloading.
    • doc; docx
    • exe
    • mp3
    • pdf
    • png
    • ppt; pptx
    • txt
    • xls; xlsx

    You can also add more file types by clicking the Add button.

    See Example: Configuring RBI with SWG for an end-to-end example of configuring FortiSASE to isolate all traffic to domain parking websites from all SWG users.

    Previous
    Next

    Related Videos

    sidebar video

    FortiSASE - Remote Browser Isolation

    • 805 views
    • 6 months ago

    RBI

    RBI

    To mitigate web-based threats for end users proxying traffic through FortiSASE, you can enable remote browser isolation (RBI) to isolate browser sessions of certain websites or categories in an isolated environment, which renders content safely in a remote container.

    Note

    RBI is a beta feature that is not enabled by default on new instances. It has several constraints and is subject to continual improvements.

    Also, it requires a FortiSASE instance with an Advanced remote users FortiSASE license. See Licensing.
    Note

    Each user is entitled to a maximum number of simultaneous isolated sessions and isolation data per month. When the limit is exceeded, traffic configured to be isolated will be blocked. See Licensing.

    Currently, RBI is supported for SWG users.

    Prerequisites

    The following requirements must be met for the feature to be available in the GUI:

    • A request for enabling the RBI beta feature for the existing FortiSASE instance has been made by creating a new ticket with FortiCare Support.

    • The FortiSASE instance has an Advanced remote users license applied to it.
    • The FortiSASE deployment is deployed in a Fortinet data center only (see Global data centers).

    • SWG is enabled under System > SWG Configuration. See SWG Configuration.

    Licensing

    The FortiSASE instance must have an Advanced remote users license applied to it. For RBI limitations with an Advanced license, see RBI.

    Configuration options

    When you enable RBI, the following configuration options are available:

    Maximum sessions per endpoint

    Maximum number of concurrent RBI sessions allowed for each user. Default is 5. Valid range is 1-5.

    Authentication interval (hours)

    Interval (in hours) after which users will be prompted to re-authenticate for any isolated traffic and web requests.
    Stream Quality

    Quality of streamed videos. Higher quality means more bandwidth usage.

    Allow endpoint browser cookie

    Specifies whether to allow users to store cookies from isolated browser sessions.
    Allow copy & paste

    Specifies whether to allow client users to copy and paste content from isolated sessions to the clipboard using the keyboard or right-click menu.

    To enable copying content from isolated sessions using the right-click menu, the Allow right-click option must be enabled.
    Allow right-click

    Specifies whether to allow end users to right click on mouse to display a menu.
    Allow print to PDF

    Specifies whether to allow end users to print the isolated session pages into a PDF file.
    Block uploads/downloads by filetype Enable to select the file types to block from uploading and downloading.
    • doc; docx
    • exe
    • mp3
    • pdf
    • png
    • ppt; pptx
    • txt
    • xls; xlsx

    You can also add more file types by clicking the Add button.

    See Example: Configuring RBI with SWG for an end-to-end example of configuring FortiSASE to isolate all traffic to domain parking websites from all SWG users.

    Previous
    Next