HRI Configuration from CLI

Policy Configurations:

CombinedDestination2 applies to the URLs configured to not be isolated.

CombinedDestination1 applies to the URLs configured to be isolated.

Test Results:

For the https://bbc.co.uk & https://support.broadcom.com URLs, we receive the "This page is not valid for High Risk Isolation" message, which is quite expected, as both URLs are not "uncategorized' and certainly not high-risk URLs. This test /result is really significant, as it shows that the HRI configurations are correct and that HRI works.

To further validate this, we were able to find Broadcom's test rating "Uncategorized" URL: http://uncategorized.dontrateme.com, and utilizing the same in policy and testing, we have the below.

With the http://uncategorized.dontrateme.com URL, we can see that it is uncategorized and accessible but not isolated. Again, this is expected because the risk level for this URL is "none", from the Proxy this implementation is done. So, the risk level isn't high, as required by the design of the HRI solution. See the below snippet, for reference. 

So, we certainly expect that with uncategorized URLs with high-risk levels 5 and above, isolation would happen successfully. Please for any suck URL(s) to be utilized in this implementation, ensure to test its/their categorization, from content filtering, and its/their risk level, from Threat Risk Level, on the Proxy where the implementation is done, to be correct,

Finally, from the health checks, we also confirm that isolation is active and running on the ProxySG appliance. See the below. See the highlighted service.