Isolation in an End User’s Browser
Whenever a web page matches a policy with the action “isolate”, the web page is sent to RBI for isolation and the user gets the isolated (pixel-rendered) version of the requested web page. The end user will have a seamless experience, similar to browsing the original web page.
There will be some minor differences in the isolated browsing experience, such as:
- Initially, while the page is being prepared for isolation, users will see a Netskope Logo and the Tab title “Remote Browser Isolation”.
- Once rendered, they will see a star [ * ] prefix in their browser’s tab title.
- User actions are disabled to limit the interaction between the user and the isolated web page, for enhanced protection against malware and data exfiltration.
The list of disabled and limited actions:
- Colored frame – isolation indicator
- Pop-up message – isolation indicator
- File downloads – user action control (Controlled GA)
- File uploads – user action control (Controlled GA)
- Clipboard – user action control (limited to copy and paste in isolated web pages)
Tip
You can find a list of all available options with descriptions when creating RBI Templates. To learn more: RBI Templates
Warning Messages
Whenever a user tries to perform any of the limited functions, they will see a warning message similar to the following:
For downloads:
For the clipboard:
RBI Language Configuration
RBI supports different languages for all standard messages shown to users by RBI: Warning Messages, Pop-up isolation indicators, Error Messages, and Templates.
RBI language for standard messages is configured according to the user’s browser language configuration:
- German (de, de-*)
- Spanish (es, es-*)
- English (default, all other language configurations)
For example, RBI users who have their browser configured in German (de-*) will automatically see all RBI standard messages in German:
Read-Only User Action Control
Read-Only prevents phishing threats by blocking any text input into the isolated page (i.e. typing or pasting from the clipboard) while browsing in isolation. Admins enable Read-Only in RBI templates and apply those templates to isolation policies.
End users are notified they are browsing a Read-Only page in isolation and they will see the read-only indicators. In addition, end users will see a warning message if they try to enter any text.
Users can drag-and-drop to move elements inside the same isolated web page (isolated tab).
Read-Only Isolation Indicator Control
Netskope enables all isolation indicators by default in an RBI template when the Read-Only user action control is enabled, reflecting the expected behavior for end users. These isolation indicators are not editable (grayed out) if Read-Only is enabled: Asterisk prefix, Colored Frame, and Toast (Warning Message).
Therefore, if you select Read-Only as a User Action, all isolation indicators are enabled and grayed out (not editable).
If admins uncheck the Read-Only control, the isolation indicators remain enabled, and admins can then disable or enable them without restrictions.
Default Limits for Browser Tabs
This feature enhances the user experience when users hit any of the predefined limits that prevent them from opening a webpage in isolation in a new tab.
RBI will show an error page that warns the user about the problem and offers actions that allow an isolated webpage to be opened in a new tab, such as closing existing individual isolated tabs or groups of isolated tabs.
RBI has different default limits. The appearance and behavior of the error page depend on the limit reached:
- Resource Consumption Limit
- Sessions Limit
Resource Consumption Limit
When the RBI container assigned to the user is using more than 80% of its resources, it will prevent opening an isolated webpage in a new tab. Instead, it will show an error page presenting all the tabs the user is currently browsing in isolation, grouped by the user’s browser.
To free resources and allow opening a new tab, the user can:
- Close individual isolated tabs
- Close all isolated tabs from the same user’s browser
After you close an individual or group of tabs, you may be prompted to refresh the page to view the content as shown below.
Sessions Limit
A user can browse up to three different sessions simultaneously. A session groups all tabs corresponding to the same user’s browser engine. If a user wants to isolate a webpage in a 4th distinct browser, a warning page displays, asking the user to close active sessions before opening a new one.
If the user tries to open a new one, a page similar to the following displays: