GlobalProtect Clientless VPN is now available! Clientless
VPN provides secure remote access to common enterprise web applications that
of secure access from SSL-enabled web browsers without installing GlobalProtect
client software. This is useful when you need to enable partner
or contractor access to applications, and to safely enable unmanaged
assets, including personal devices.
can configure the GlobalProtect portal landing page to provide access to
web applications based on users and user groups and also allow single-sign
on to SAML-enabled applications. Supported operating systems are
Windows, Mac, iOS, Android, Chrome, and Linux. Supported browsers
are the latest versions of Chrome, Internet Explorer, Safari, and
This feature also requires you to install a GlobalProtect
subscription on the firewall that hosts the Clientless VPN from
the GlobalProtect portal. You also need the
you configure Clientless VPN, remote users can log in to the GlobalProtect
portal using a web browser and launch the web applications you publish for
the user. Based on users or user groups, you can allow users to
access a set of applications that you make available to them, or
allow them to access additional corporate applications.
Make sure you have a GlobalProtect subscription
GlobalProtect Clientless VPN
updates needed to use this feature.
Configure the Clientless VPN applications and applications
groups. The GlobalProtect portal displays these applications on
the landing page that users see when they log in.
Configure the GlobalProtect Portal to provide the Clientless
Map users and user groups to applications. This mapping
controls which applications users or user groups can launch from
a GlobalProtect Clientless VPN session. For information on qualified applications,
see Supported Technologies.
Specify the security settings for a Clientless VPN session.
These settings control the authentication and encryption
algorithms for the SSL sessions between the firewall and the published
If you need to reach the applications through a proxy server,
specify one or more proxy server configurations to access the applications.
Specify any special treatment for application domains. In
some cases, the application may have pages that do not need to be accessed
through the portal.
Configure a Security policy rule to enable users to access
the published applications.