GlobalProtect — Clientless VPN

Prisma Access

GlobalProtect — Clientless VPN

Table of Contents

GlobalProtect — Clientless VPN

Configure Clientless VPN to provide secure access to common enterprise web applications from SSL-enabled web browsers.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
Clientless VPN enables secure remote access to enterprise applications from SSL-enabled web browsers. With Clientless VPN, end users are not required to install the GlobalProtect app software on their endpoints, which is useful when you need to enable partner or contractor access to applications and safely enable unmanaged assets, including personal endpoints.
Use the following steps to set up Clientless VPN for Prisma Access:
  1. Go to
    Prisma Access Setup
    GlobalProtect Setup
    Clientless VPN
    Add Applications
  2. Enable Clientless VPN
  3. Add Clientless VPN rules.
    Specify the users and applications that can use Clientless VPN.
  4. If users need to reach the applications through a proxy server,
    Add Proxy
    Only basic authentication to the proxy is supported (username and password). You can add multiple proxy server configurations, one for each set of domains. Some of the settings to add include:
    • Domains
      —Add the domains served by the proxy server. You can use a wild card character (*) at the beginning of the domain name to indicate multiple domains.
    • Enable Proxy
      —Assign a proxy server to provide access to the domains
    • Server
      —Specify the IP address or host name of the proxy server.
    • Port
      —Specify a port for communication with the proxy server.
    • User and Password
      —Specify the User and Password credentials needed to log in to the proxy server. Specify the password again for verification.
  5. Modify the default
    Crypto Settings
    to specify the authentication and encryption algorithms for the SSL sessions between Prisma Access and the applications using Clientless VPN.
  6. Add domains to the
    Rewrite Exclude Domain List
    The Clientless VPN acts as a reverse proxy and modifies web pages returned by the published web applications. It rewrites all URLs and presents a rewritten page to remote users such that when they access any of those URLs, the requests go through GlobalProtect portal.In some cases, the application may have pages that do not need to be accessed through the portal (for example, the application may include a stock ticker from You can exclude these pages.The domains you add to the
    Rewrite Exclude Domain List
    are excluded from rewrite rules and cannot be rewritten.Paths are not supported in domain names. The wildcard character (*) for domain names can only appear at the beginning of the name (for example, *

Recommended For You