Create a new RBI profile

Sign in to Forcepoint Remote Browser Isolation.

Go to RBI Profile.

Click the Add Profile button above the table to open the Add Profile widget.

Enter the Profile Name and Description.

Note: The Profile Name is required. The profile cannot be saved without a name.

Under Secure Rendering, select the Context Menu type from the drop-down menu. Select the Browser Context Menu for more native browsing experience. Select the FP RBI Context Menu for stricter security control.

Note: Forcepoint recommends the use of the FP RBI Context Menu when CDR is enabled. Enable the Browser Context Menu when necessary for productivity application shortcuts. The Browser Context Menu's Save As option will bypass RBI's CDR file processing and should only be used on trusted sources.

Under Clipboard Control, click the toggle switch to disable the Endpoint to Remote Browser option.

Note: Endpoint to Remote Browser option is enabled by default. It allows users to perform copy and paste action from endpoint to remote browser. The maximum number of characters that can be copied and pasted is 7000.

Click the toggle switch to disable the Remote Browser to Endpoint option.

Note: Remote Browser to Endpoint option is also enabled by default. It allows users to perform copy and paste action from remote browser to endpoint.

Under Advertisement Control, click the toggle switch to enable or disable the Block Advertisement option.

Note:

By default, the Block Advertisement option is disabled.
When this option is enabled, the advertisements are blocked on the isolated page.
To display the number of ads that are blocked for a user, the Ads Blocked column is added in the table under the Browse Activity Summary section, in the Dashboard > Web Security tab.

Under Browser – Preferences, select the TLS Error Policy type from the drop-down menu. The TLS Error Policy specifies the behavior of the Isolation browser when it navigates to a website with an invalid TLS certification.

Under File Downloads, enter the relevant information:

Allow Downloads: Enable this option to allow users to download files.
Max Download File Size Limit (in KB): Enter the maximum file size for downloads in kilobytes. The maximum allowed file size is 50000 KB (50 MB).
Allowed (or Denied) file type(s): Choose to Allow or Deny specific file types from downloading. Leave all as the only option to allow or deny all file types, or enter one or more file types into the field (all will be ignored if at least one file type is listed). For example, if you enter .exe,.doc, then EXE and DOC file types only will be allowed or denied.
Approved Policy for Download: Choose the file download policy option:
- Forcepoint ZT CDR: During download, files will be scanned and sanitized using Forcepoint ZT CDR technology.
- OPSWAT CDR: During download, files will be scanned and sanitized using the OPSWAT Deep CDR technology.
- AV Scan: File downloads are scanned by antivirus only.
- NoScan: File downloads are not scanned.
Note: OPSWAT CDR option is visible in the file download policy even if, it is not configured. If RBI administrator selects this option, an error message is displayed saying the configuration is not saved. For more information about OPSWAT Configuration, see Settings.
Allow Downloads of CDR Unsupported Files after Performing AV Scan: After performing AV Scan, enable this option to download files that are not supported by OPSWAT or Forcepoint ZT CDR. If you do not want to download the files, disable this option.

Under File Uploads, enter the relevant information:

Allow Uploads: Enable this option to allow users to upload files.
Max Upload File Size Limit (in KB): Enter the maximum file size for individual uploads in kilobytes. The maximum allowed file size is 400000 KB (400 MB).
Approved Policy for Upload: Choose the file upload policy option:
- Forcepoint ZT CDR: During upload, files will be scanned and sanitized using Forcepoint ZT CDR technology.
- OPSWAT CDR: During upload, files will be scanned and sanitized using OPSWAT Deep CDR technology.
- NoScan: File uploads are not scanned.
Note: OPSWAT CDR option is visible in the file upload policy even if, it is not configured. If RBI administrator selects this option, an error message is displayed saying the configuration is not saved. For more information about OPSWAT Configuration, see Settings.
Allow Upload for CDR Unsupported Files: Enable this option to upload files that are not supported by OPSWAT or Forcepoint ZT CDR.

Under Printing, click the toggle switch to enable or disable the printing option.

Note:

By default, the printing option is disabled.
When this option is enabled, a user or user group can perform a print action.
When this option is disabled, a user or user group cannot perform a print action. If a user or user group tries to perform a print action, an error message that states “Print action is restricted by your organization’s policy. Please contact your administrator for more information” is displayed.

Click Save. The profile is saved and it opens with a new tab: Isolation Attributes.

In the Safe Surf section, select the Threat Score threshold. If the threat score for a web page is more than the threshold, then the page is rendered in a 'read-only' mode where hyperlinks and navigation work, but entering data into text fields and file uploads and downloads are not allowed.

Click Save.

(Standalone Forcepoint RBI deployments only) Configure Categories Selection:

In the Categories Selection section, click the + icon. A new row is added to the table.
In the Category column, enter the category name.
Select whether the category should be Isolated or Blocked.
In the Action column, click the save icon.

(Standalone Forcepoint RBI deployments only) Configure URL Selection:

In the URL Selection section, click the + icon. A new row is added to the table.
In the URL column, enter the full URL for the website.
Select whether the URL should be Isolated or Blocked.
In the Action column, click the save icon.

Create a new RBI profile

Steps