I use the “Tidbit” subject line to denote a snippet of text I’ve found useful in understanding or communicating a particular topic for customers. Here’s how I boiled down Cloud Browser Isolation (CBI) setup and signal flow for my PoC customer. Does this work for you?
1. Define a location in ZIA pertaining to a dedicated proxy port (DPP) in Zscaler’s infrastructure.
2. Define a PAC file in your ZIA console that directs all traffic to this dedicated port.
3. Create a profile in the Cloud Browser Isolation (CBI) user interface that references the new PAC file.
4. Copy the Isolation URL from the profile you created in step 3.
5. Make one or more URL rules for the sites to be isolated, with the “action” set to block and the “Redirect URL” set to the Isolation URL you copied in step 4.
6. Make another rule, above the isolation rule, that allows all traffic from the dedicated proxy port location you defined in step 1. This is necessary to avoid a redirection loop, which would look to users like a “sorry, we’ve encountered an error” message from Zscaler.
To recap the recap:
- User asks for www.gmail.com
- ZIA blocks the request. The blocking rule redirects the request to the Isolation URL from step 3 above.
- The isolation platform retrieves www.gmail.com using ZIA, fetching it from the dedicated proxy port referenced in step 1
- ZIA allows the request because it’s coming by way of the DPP location
- The page is rendered in isolation and the user is happy
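
The flow above can be checked with a small model. This is an added example, not Zscaler code or rule syntax: it assumes rules are evaluated top-down with the first match winning, and the location name, Isolation URL and rule names are placeholders. It shows why the allow rule for the DPP location has to exist and has to sit above the isolation rule.

```python
# Toy model of first-match URL filtering; not Zscaler's API or rule syntax.
from dataclasses import dataclass
from typing import Optional

ISOLATION_URL = "https://isolation.invalid/PLACEHOLDER"  # placeholder value
DPP_LOCATION = "cbi-dpp"  # hypothetical name for the location from step 1
MAX_HOPS = 5              # give up and report a loop after this many passes

@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "block"
    location: Optional[str] = None       # None matches any location
    hosts: Optional[frozenset] = None    # None matches any host
    redirect_url: Optional[str] = None   # only used by block rules

    def matches(self, location, host):
        return ((self.location is None or self.location == location)
                and (self.hosts is None or host in self.hosts))

def trace(rules, host, user_location="office"):
    """Follow one request through the policy; return (outcome, hops)."""
    location, hops = user_location, []
    for _ in range(MAX_HOPS):
        # Assumed semantics: rules are checked top-down, first match wins.
        rule = next((r for r in rules if r.matches(location, host)), None)
        hops.append((location, rule.name if rule else "default-allow"))
        if rule is None or rule.action == "allow":
            isolated = location == DPP_LOCATION
            return ("rendered-in-isolation" if isolated else "direct"), hops
        if rule.redirect_url != ISOLATION_URL:
            return "blocked", hops
        # The isolation platform now re-requests the site through the DPP.
        location = DPP_LOCATION
    return "redirect-loop", hops

ISOLATE = Rule("isolate-sites", "block",
               hosts=frozenset({"www.gmail.com"}),
               redirect_url=ISOLATION_URL)
ALLOW_DPP = Rule("allow-dpp", "allow", location=DPP_LOCATION)

WITHOUT_ALLOW = [ISOLATE]             # allow rule missing
WITH_ALLOW = [ALLOW_DPP, ISOLATE]     # allow rule above the isolation rule
WRONG_ORDER = [ISOLATE, ALLOW_DPP]    # allow rule below: never reached

if __name__ == "__main__":
    for rules in (WITHOUT_ALLOW, WITH_ALLOW, WRONG_ORDER):
        print(trace(rules, "www.gmail.com"))
```

Only the `WITH_ALLOW` ordering ends with the page rendered in isolation; the other two keep sending the isolation platform's own request back to the Isolation URL.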