GlobalProtect Clientless VPN
GlobalProtect Clientless VPN provides secure remote access to common enterprise web applications.
Users have the advantage of secure access from SSL-enabled web browsers without
installing the GlobalProtect software. This is useful when you need to enable partner or
contractor access to applications, and safely enable unmanaged assets, including
personal endpoints. You can configure the GlobalProtect portal landing page to provide
access to web applications based on users and user groups and also allow single-sign on
to SAML-enabled applications.
Clientless VPN acts as a reverse proxy and modifies web pages returned by the
published web applications. It presents a rewritten page to remote users and when they
access any of these URLs, the requests go through the GlobalProtect portal. This results
in the following:
Protection provided by the Same Origin Policy is not applied to pages
visited through Clientless VPN as the browser sees all pages to belong to the
same origin irrespective of their real origin.
The page rewriting logic may result in JavaScript behaving differently
from the intended manner.
We strongly recommend that you access only trusted pages through Clientless
VPN. If your use case requires access to untrusted websites, use
Prisma Access Browser instead.
The following topics provide information on how to configure and troubleshoot Clientless
VPN.
