When you configure GlobalProtect Clientless VPN, remote
users can log in to the GlobalProtect portal using a web browser
and launch the web applications you publish for the users. Based
on users or user groups, you can allow users to access a set of
applications that you make available to them or allow them to access
additional corporate applications by entering a custom application
URL.
Clientless VPN is not supported on firewalls with multiple
virtual systems if the Clientless VPN traffic must traverse multiple virtual
systems.
After logging in to the portal, users see a published applications
page with the list of web applications that they can launch. You
can use the default applications landing page on the GlobalProtect
portal or create a custom landing page for your enterprise.
Because this page replaces the default portal landing page, it
includes a link to the GlobalProtect app download page. If configured,
users can also select Application URL and
enter URLs to launch additional unpublished corporate web applications.
When you configure only one web application (and disable access
to unpublished applications), instead of taking the user to the
published applications page, the application will launch automatically
as soon as the user logs in. If you do not configure GlobalProtect
Clientless VPN, users will see the app software download page when
they log in to the portal.
When you configure GlobalProtect Clientless VPN, you need security
policies to allow traffic from GlobalProtect endpoints to the security zone
associated with the GlobalProtect portal that hosts the published
applications landing page and security policies to allow user-based
traffic from the GlobalProtect portal zone to the security zone
where the published application servers are hosted. The security
policies you define control which users have permission to use each
published application.