---
title: "Enterprise Browser"
slug: "enterprise-browser"
updated: 2026-04-07T09:05:21Z
published: 2026-04-07T09:05:21Z
canonical: "support.perimeter81.com/enterprise-browser"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise Browser

The Enterprise Browser is a Chromium-based browser integrated with Check Point Harmony. It is built on the SURF Security application. It can be used independently or as an extension within the Check Point SASE environment. The browser provides enhanced security features, including support for Zero Trust Network Access (ZTNA) and Single Sign-On (SSO) integration with Check Point platforms.

Enterprise Browser supports both managed and unmanaged devices, providing more flexibility and capabilities.

To access the **Enterprise****Browser** page, access the Check Point SASE Administrator Portal and click **Enterprise** **Browser**. ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1770879494517.png)

For additional details, see the [SURF Support and Document Portal](https://surfsecurity.notion.site/Support-and-Document-portal-803de4d2b2f94456b26a4659552b8114).

## Key Capabilities

- Data Isolation - Secure browser container isolates corporate data from device OS.
- DLP Controls - Block uploads, downloads, copy and paste, print, and screen capture. Files can be encrypted and scanned before access. Watermarks deter screen capture. Password managers are blocked and credentials are never stored locally.
- Agentless Device Posture Check - Validates AV, disk encryption, OS, and running processes without installing agents. Ideal for unmanaged devices.
- Full Session Visibility and Auditing - Logs navigation, usage, keystrokes, and system metrics. Supports audit, compliance, and incident response. Monitoring is role-based and context-aware. Defends against MITM attacks on insecure networks.

## Use Case

- Third-Party Contractors - Grant temporary access with download restrictions, session termination, and activity monitoring.
- BYOD Compliance - Enforce HIPAA, GDPR, and NIS2 compliance with data isolation and audit logging.
- Short-Term Access - Enable secure access without provisioning devices for projects or Mergers and Acquisitions (M&A).
- Privileged Users - Restrict tool usage and monitor activity for developers, admins, and support teams.

## Prerequisites

Admin access to both the SURF Security platform and the Infinity Portal.

## Configuring Enterprise Browser

### Step 1: Creating an Application Access Policy

1. Access the Check Point SASE Administrator Portal and click **Private****Access**> **Application****Policies**.
2. Click **Add****Policy**.  
The **Add****New****Policy**page appears.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1754461125128.png)
3. Enter these:
  1. **Policy****Name**- Name of the policy.
  2. **Logical****Operator**:
    - From the **Policy****Action**list, select either of these:
      - **Allow**
      - **Deny**
    - From the list, select one of these:
      - **When all match** – The policy is considered compliant only if all defined rules are met.
      - **When some match** – The policy is considered compliant if at least one defined rule is met.
4. To add the rules for the policy, click **Add Rule** and select **Browser**.  
The **Rules** section appears.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1754463929290.png)
5. From the **Browser**list, select **Harmony Enterprise Browser**.
6. Click **Save**.

### Step 2: Defining Application Policy

1. Go to **Private****Access** > **Applications**.
2. Click **Add****Application**.  
The **Add****application** window appears.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1754544575904.png)
3. Specify these:
  1. **Application Name**
  2. **Protocol:**
    - ******HTTPS**
    - **RDP**
    - **SSH**
    - **VNC**
  3. **Host**
  4. **Port**
  5. **Network**
  6. **Groups ad Members**
  7. **Policy Name** - Select the policy name that you created in **Step 3.a** while [Creating an Application Access Policy](/v1/docs/enterprise-browser#step-1-creating-an-application-access-policy).  
For information on how to Add Application, see [How to create an Application](/v1/docs/how-to-add-an-http-https-application).
4. Click **Apply**.  
The system lists the application in the **Applications** page and enables it by default.

### Step 3: Accessing the Admin Console of Enterprise Browser

1. Access the Check Point SASE Administrator Portal and click **Enterprise** **Browser**.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/EnterpriseBrowserOverview.PNG)
2. Click **Open****Console**.  
The Enterprise Browser Admin Console is launched.
3. Sign in through SSO.  
Note - Only users with admin role can access the console.

### Step 4: Downloading the Enterprise Browser

1. Access the Check Point SASE Administrator Portal and click **Devices**> **Downloads**.
2. Click the **Enterprise Browser******tab.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1754465989079.png)
3. Do one of these:
  - Click **Download**.  
The system downloads an EXE file.
  - Click **Copy Link** to copy the download link. Share the link with members.