Cloufare Remote Browser Isolation

  1. Can Cloufare Remote Browser Isolation work with HTTPS traffic ?

  2. We have an on-premise Next Generation Firewall that inspects HTTPS traffic that works by installing its self-signed certificate on our browser. Is Cloudfare Remote Browser Isolation for HTTPS traffic compatible ( in series ) with our NGFW ?.

  3. Do we need to install both NGFW’s certificate and Cloudfare’s certificate in our browser ?

Thank you.

Yeah, this is why you need to install CF cert to MITM the SSL traffic.

Good question, I’m not too sure, however, I’d like to think it can be set up to work along with your on-premise firewall.

If @kyouhei has some time and comes online in the forum, he might have a better response; he has answered some questions that I had with RBI in the past.

Thank you.

So there is a stand-alone browser isolation option today. I think it is meh… but would it work? Probably. I don’t see why it wouldn’t. But to get the maximum utility out of Cloudflare’s RBI it would likely be as a replacement to your current solution (and / or) you’d use bypass rules in the current setup to use Teams client instead.

1 Like

If the on-premise NGFW and Cloudfare perform MITM in series, would each of them see the other as the imposter and contradict each other ?

It would be best to set up a teams zone and try that by yourself. If it doesn’t work and you believe there is a technical limitation, an enterprise contract might help you out.

I use Teams and MITM the traffic (sometimes) to debug requests of our programs; everything seems to work fine; however, we don’t use RBI.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.