GlobalProtect Portals Clientless Configuration Tab
to configure the GlobalProtect Clientless VPN settings on the portal as described in the following table.
GlobalProtect Portal Clientless Configuration Settings
Clientless VPNto specify general information about the Clientless VPN session:
If you use Network Address Translation (NAT) to provide access to the GlobalProtect portal, the IP address or FQDN you enter must match (or resolve to) the NAT IP address for the GlobalProtect portal (the public IP address).
Applications to User Mapping
Addone or more
Applications to User Mappingto match users with published applications. This mapping controls which users or user groups can use a clientless VPN to access applications. You must define the applications and application groups before mapping them to users (Network > GlobalProtect > Clientless Apps and Network > GlobalProtect > Clientless App Groups).
Addindividual users or user groups to which the current application configuration applies. These users have permission to launch the configured applications using a GlobalProtect clientless VPN.
You must configure group mapping (
) before you can select the groups.
Group Mapping Settings
In addition to users and groups, you can specify when these settings apply to the users or groups:
Addindividual applications or application groups to the mapping. The
Source Usersyou included in the configuration can use GlobalProtect clientless VPN to launch the applications you add.
Specify the authentication and encryption algorithms for the SSL sessions between the firewall and the published applications:
Server Certificate Verification
Enable which actions to take for the following issues that can occur when an application presents a server certificate:
Adda proxy server. Specify these settings if users need to reach the applications through a proxy server. With this configuration, the GlobalProtect portal must use the proxy server to access the published applications.
Adddomain names, host names, or IP addresses to the
Rewrite Exclude Domain List. The clientless VPN acts as a reverse proxy and modifies pages returned by the published applications. When a remote users accesses the URL, the requests go through the GlobalProtect portal. In some cases, the application may have pages that do not need to be accessed through the portal. Specify domains that should be excluded from rewrite rules and cannot be rewritten.
Paths are not supported in host and domain names. The wildcard character (*) for host and domain names can only appear at the beginning of the name (for example, *.etrade.com).
Configure Clientless VPN
Configure Clientless VPN To configure GlobalProtect Clientless VPN : Before you begin: Install a GlobalProtect subscription on the firewall that hosts the Clientless VPN from ...
Clientless VPN Overview
Clientless VPN Overview When you configure Clientless VPN, remote users can log in to the GlobalProtect portal using a web browser and launch the web ...
GlobalProtect Clientless VPN
GlobalProtect Clientless VPN GlobalProtect Clientless VPN provides secure remote access to common enterprise web applications. Users have the advantage of secure access from SSL-enabled web ...
Network > GlobalProtect > Clientless Apps
Network > GlobalProtect > Clientless Apps Select Network GlobalProtect Clientless Apps to add applications that are accessible through the GlobalProtect Clientless VPN. You can add ...
Install Content and Software Updates
Install Content and Software Updates To ensure that you are always protected from the latest threats (including those that have not yet been discovered), you ...
Network > GlobalProtect > Clientless App Groups
Network > GlobalProtect > Clientless App Groups Select Network GlobalProtect Clientless App Groups to group applications that are accessible through the GlobalProtect Clientless VPN. You ...