Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Browser Isolation Deployment

    Home FortiProxy 7.2.0 Browser Isolation Deployment
    7.2.0
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0

    Installing the FortiNBI application

    Installing the FortiNBI application

    When a FortiProxy user with a matching policy that has the isolator profile attempts to access a website on a machine without the FortiNBI service running, the user will see the following prompt page with a download link to the FortiNBI installer.

    To install the FortiNBI application:

    1. Click the FortiNBI installer link on the browser isolation replacement page to download the installer.

    2. Run the installer with an administrator account:

      1. Files are unpacked to the installation folder, by default C:\Program Files (x86)\Fortinet\FortiNBI.

      2. The FortiNBI GUI is registered as a task that runs automatically every time that a user logs on.

    3. FortiNBI starts automatically, followed by isolator and extension installations:

      1. FortiNBI checks if the system has Windows Subsystem for Linux (WSL) and Virtual Machine Platform enabled. If not, the installer will automatically enable and configure it.

      2. The isolator image is downloaded from the FortiProxy's HTTP portal, extracted to a temporary folder, imported to the system, and then the temporary files are removed.

      3. After the installation procedure finishes, restart the browser (if the browser is already open) for the FNBI extension to be installed. Reboot Windows when requested.

    4. When required, the client will receive an RDP pop-up window for isolation.

    5. To avoid certificate warnings, install the FortiProxy CA certificate in the browser on the machine with the Local Machine option selected.

      You can download the CA certificate in the following ways:

      • In the FortiProxy GUI, download the CA certificate from the Certificate list page under System > Certificates.

      • In the FortiProxy CLI, run the following command to download the CA certificate:

        exe vpn certificate <store> export tftp <CA name> <export format> <filename in tftp server> <tftp server address>

        where store is local for default CA certificate.

        For example, exe vpn certificate local export tftp FTNT_CA_SSL cer FTNT_CA 0.0.0.0

    Previous
    Next

    Installing the FortiNBI application

    Installing the FortiNBI application

    When a FortiProxy user with a matching policy that has the isolator profile attempts to access a website on a machine without the FortiNBI service running, the user will see the following prompt page with a download link to the FortiNBI installer.

    To install the FortiNBI application:

    1. Click the FortiNBI installer link on the browser isolation replacement page to download the installer.

    2. Run the installer with an administrator account:

      1. Files are unpacked to the installation folder, by default C:\Program Files (x86)\Fortinet\FortiNBI.

      2. The FortiNBI GUI is registered as a task that runs automatically every time that a user logs on.

    3. FortiNBI starts automatically, followed by isolator and extension installations:

      1. FortiNBI checks if the system has Windows Subsystem for Linux (WSL) and Virtual Machine Platform enabled. If not, the installer will automatically enable and configure it.

      2. The isolator image is downloaded from the FortiProxy's HTTP portal, extracted to a temporary folder, imported to the system, and then the temporary files are removed.

      3. After the installation procedure finishes, restart the browser (if the browser is already open) for the FNBI extension to be installed. Reboot Windows when requested.

    4. When required, the client will receive an RDP pop-up window for isolation.

    5. To avoid certificate warnings, install the FortiProxy CA certificate in the browser on the machine with the Local Machine option selected.

      You can download the CA certificate in the following ways:

      • In the FortiProxy GUI, download the CA certificate from the Certificate list page under System > Certificates.

      • In the FortiProxy CLI, run the following command to download the CA certificate:

        exe vpn certificate <store> export tftp <CA name> <export format> <filename in tftp server> <tftp server address>

        where store is local for default CA certificate.

        For example, exe vpn certificate local export tftp FTNT_CA_SSL cer FTNT_CA 0.0.0.0

    Previous
    Next