When you configure GlobalProtect Clientless VPN, remote users can log in to the GlobalProtect portal using a web browser and launch the web applications you publish for the users. Based on users or user groups, you can allow users to access a set of applications that you make available to them or allow them to access additional corporate applications by entering a custom application URL.

After logging in to the portal, users see a published applications page with the list of web applications that they can launch. You can use the default applications landing page on the GlobalProtect portal or create a custom landing page for your enterprise.

Because this page replaces the default portal landing page, it includes a link to the GlobalProtect app download page. If configured, users can also select Application URL and enter URLs to launch additional unpublished corporate web applications.

When you configure only one web application (and disable access to unpublished applications), instead of taking the user to the published applications page, the application will launch automatically as soon as the user logs in. If you do not configure GlobalProtect Clientless VPN, users will see the app software download page when they log in to the portal.

When you configure GlobalProtect Clientless VPN, you need security policies to allow traffic from GlobalProtect endpoints to the security zone associated with the GlobalProtect portal that hosts the published applications landing page and security policies to allow user-based traffic from the GlobalProtect portal zone to the security zone where the published application servers are hosted. The security policies you define control which users have permission to use each published application.