Fortinet white logo
Fortinet white logo

Prerequisites

Prerequisites

Before you deploy the Native Browser Isolation (NBI), perform the following preparation tasks:

  1. Make sure the deployment machine runs Microsoft Windows 10 (build 20H1 19041 or later) with one of the following browsers installed:

    • Google Chrome

    • Mozilla Firefox

    • Microsoft Edge

    You can also deploy the Native Browser Isolation on VMware with a minimum of 4 GB RAM and 2 CPUs (with Hardware virtualization enabled). Refer to the FortiProxy VMware vSphere Deployment Guide for more information.

  2. Contact the customer support or sales team to request the FortiNBI isolator image by referencing ticket ID 876947. You will need to upload the image during the Browser Isolation deployment.

  3. Install FortiProxy 7.4.1, which is required in order to install the FortiNBI application for browser isolation. For more information about installing FortiProxy, refer to the FortiProxy Release Notes.

  4. Install the following certificates, which can be downloaded from Certificate list under System > Certificates in the FortiProxy GUI:

    • FortiProxy CA certificate (Fortinet_CA_SSL)—This certificate is required for connection between the FNBI client system and the FortiProxy. Install the certificate in the browser on the local machine trusted root CA stores by selecting the Local Machine option.

    • FortiProxy server certificate—This certificate is defined in Proxy Settings > Web Proxy Setting > Default Server Certificate and is required for downloading the isolator image.

      By default, the Fortinet_Factory certificate is used, in which case you must install the whole certificate chain, including Fortinet_Sub_CA (as an intermediate CA) and Fortinet_CA (as a root CA).

      Alternatively, you can configure the web proxy to use a custom certificate that you create which is signed by Fortinet_CA_SSL:

      1. Go to System > Certificates and click Create/Import > Certificate.

      2. Click Generate Certificate.

      3. Specify the certificate settings as needed and click Create.

      4. Go to Proxy Settings > Web Proxy Setting and select the certificate you just created under Default Server Certificate.

    After the certificate installation, verify the trust on the client machine by downloading the isolator module manually using the following URL:

    https://<captive_portal_domain>:<captive _portal_https_port>/XX/YY/ZZ/wsl_installer

    The captive_portal_domainand captive _portal_https_port information can be found in Policy & Objects > Proxy Auth Setting.

    Note When the default server certificate is installed and used, if the captive portal domain does not match, a trust warning due to Common Name mismatch occurs, which you can ignore as the minimum requirements are met.

Prerequisites

Prerequisites

Before you deploy the Native Browser Isolation (NBI), perform the following preparation tasks:

  1. Make sure the deployment machine runs Microsoft Windows 10 (build 20H1 19041 or later) with one of the following browsers installed:

    • Google Chrome

    • Mozilla Firefox

    • Microsoft Edge

    You can also deploy the Native Browser Isolation on VMware with a minimum of 4 GB RAM and 2 CPUs (with Hardware virtualization enabled). Refer to the FortiProxy VMware vSphere Deployment Guide for more information.

  2. Contact the customer support or sales team to request the FortiNBI isolator image by referencing ticket ID 876947. You will need to upload the image during the Browser Isolation deployment.

  3. Install FortiProxy 7.4.1, which is required in order to install the FortiNBI application for browser isolation. For more information about installing FortiProxy, refer to the FortiProxy Release Notes.

  4. Install the following certificates, which can be downloaded from Certificate list under System > Certificates in the FortiProxy GUI:

    • FortiProxy CA certificate (Fortinet_CA_SSL)—This certificate is required for connection between the FNBI client system and the FortiProxy. Install the certificate in the browser on the local machine trusted root CA stores by selecting the Local Machine option.

    • FortiProxy server certificate—This certificate is defined in Proxy Settings > Web Proxy Setting > Default Server Certificate and is required for downloading the isolator image.

      By default, the Fortinet_Factory certificate is used, in which case you must install the whole certificate chain, including Fortinet_Sub_CA (as an intermediate CA) and Fortinet_CA (as a root CA).

      Alternatively, you can configure the web proxy to use a custom certificate that you create which is signed by Fortinet_CA_SSL:

      1. Go to System > Certificates and click Create/Import > Certificate.

      2. Click Generate Certificate.

      3. Specify the certificate settings as needed and click Create.

      4. Go to Proxy Settings > Web Proxy Setting and select the certificate you just created under Default Server Certificate.

    After the certificate installation, verify the trust on the client machine by downloading the isolator module manually using the following URL:

    https://<captive_portal_domain>:<captive _portal_https_port>/XX/YY/ZZ/wsl_installer

    The captive_portal_domainand captive _portal_https_port information can be found in Policy & Objects > Proxy Auth Setting.

    Note When the default server certificate is installed and used, if the captive portal domain does not match, a trust warning due to Common Name mismatch occurs, which you can ignore as the minimum requirements are met.