Using the latest versions of Safari, iPad or iPhone and attempting to access any webpage through Web Isolation results in an non isolated webpage.
On-premise Web isolation and Cloud Web isolation
In the latest version of Safari, iPad or iPhone the user-agent string is no longer being forwarded for HTTPS traffic to configured downstream proxies. The result is that when the CONNECT request is received by Web Isolation the verdict will be BYPASS as we are unable to determine if the request originated from a web browser due to no user-agent being supplied.
1. Browse to the Management console
2. Navigate to Policies > My Policy
3. Create a new rule
4. Add a Request Filter
a. Method: Connect
b. Add Header Criteria
i. Header Name: User-Agent
ii. Match header if: Header name doesn’t exist
5. Set the Action to Inspect
6. Click the Create button to create the rule
7. Re-order the new rule so it the first rule at the top
8. Push settings