Professional Documents
Culture Documents
Browser Isolation New FMD - V2 (Jul2023)
Browser Isolation New FMD - V2 (Jul2023)
Browser Isolation New FMD - V2 (Jul2023)
Agenda
2 ©2022 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION SECURING YOUR DIGITAL TRANSFORMATION
© 2022 Zscaler, Inc. All rights reserved.
Browser isolation allows content to be accessed without the risk
SaaS Data
Internet Public Cloud Center
Sanctioned
Application and
Data Protection
Cyber Threat
Protection Safe Pixel Streaming
Managed BYOD/Unmanaged
Endpoints Endpoints
Employees Employees, Third-party
ALLOW BLOCK
SaaS Data
Internet Public Cloud Center
Sanctioned
Protection from
Cyber Threats Safe Pixel Streaming
Third-party
Employees’
partners/ Secure access w/o Provide flexibility,
requiring an agent boost productivity BYOD
contractors
Isolation
M&A VDI
Accelerate Reduce complexity,
time-to-value TCO for web apps
URL / Web Filtering App Segmentation Tenant Restrictions Cloud DLP Inline CASB
Security Controls
© 2022 Zscaler, Inc. All rights 25
reserved
User Portal 2.0
The Original Problem
Customer DC
ZIA ZIA
ZPA ZIA
28 ©2022 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Securing your digital transformation © 2022 Zscaler, Inc. All rights reserved
Architecture - Traffic Flow & Authentication
29 ©2022 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Securing your digital transformation © 2022 Zscaler, Inc. All rights reserved
Isolating Private Web Applications
1. Configure application for browser access 2. Create an Isolation Policy
https://Apache.supportian.co,in https://Apache.supportian.co,in
Unmanaged ZPA Exporter ZPA Service Edge App Connector Web Application
Endpoint Isolation Browser
1. User accesses 1.ZPA Exporter 1. The Isolated 1.ZPA Service Edge Application is accessed via the App
the “private web” authenticates the container establishes brokers the connector.
application. user. the M-Tunnels to the connection.
2.The domain Zpa Service Edge.
resolves to the 2. Executes the 2. Checks if the 2. Executes the
exporter IP Isolation policies webpage being Access Policies.
address. and redirects the accessed is a ZPA
3. Browser user to an application. -
connects to isolation session. 3. If Yes,Forwards the
exporter. request through the
M- tunnel.
Domain
https://salesforce.supportian.co,in Transformation https://zscaler70-dev-
ed.my.salesforce.com
1. User accesses 1.ZPA Exporter 1. The Isolated container 1.ZIA Receives the pre-
the “Alias authenticates the establishes the M-Tunnels to authenticated request.
Domain” user. the Zpa Service Edge. 2. Enforces the
2.The domain 2. The isolated browser policies(URL filtering,
resolves to the 2. Executes the accesses the “SaaS Domain” DLP, Cloud app etc) and
exporter IP Isolation policies 3. Checks if the webpage logs the same.
address. and redirects the being accessed is a ZPA 3. Forwards the traffic to
3. Browser user to an application. the SaaS App.
connects to isolation session. 4. If No, Forwards the request
exporter. to ZIA.
ZIA-ISO-ADV-PLUS ZPA-ISO-ADV-PLUS
ZS-DP-ISO-SAAS-ADV-PLUS
ZS-DP-ISO-SAAS-ADV-PLUS ZS-DP-ISO-SAAS-ADV-PLUS
ZIA Customer,
Has
needing User Portal 2.0
ZPA Platform
for SaaS Data Protection
London
Cincinnati Frankfur
Paris t
San
Francisco Washington DC
Tel Aviv Tokyo
UAE Hongkon
Mumbai
Hyderabad g
Singapor
e
38 ©2022 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION Securing your cloud transformation © 2022 Zscaler, Inc. All rights reserved.
Isolation: Enhancing Protection and Boosting Productivity
Internet - Sanctioned SaaS and
Web, Email URLs and Files Corporate Private Apps
©2022 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION SECURING YOUR DIGITAL TRANSFORMATION