Focus

Prisma Access

GlobalProtect — Clientless VPN

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

GlobalProtect Pre-Logon

Monitor GlobalProtect Mobile Users

GlobalProtect — Clientless VPN

Configure Clientless VPN to provide secure access to common enterprise web applications from SSL-enabled web browsers.

Where Can I Use This?	What Do I Need?
`Prisma Access (Managed by Strata Cloud Manager)` `Prisma Access (Managed by Panorama)`	`Prisma Access` license

Clientless VPN enables secure remote access to enterprise applications from SSL-enabled web browsers. With Clientless VPN, end users are not required to install the GlobalProtect app software on their endpoints, which is useful when you need to enable partner or contractor access to applications and safely enable unmanaged assets, including personal endpoints.

Use the following steps to set up Clientless VPN for Prisma Access:

Go to

Settings

Prisma Access Setup

GlobalProtect

GlobalProtect Setup

Clientless VPN

and

Add Applications

Enable Clientless VPN

Add Clientless VPN rules.

Specify the users and applications that can use Clientless VPN.

If users need to reach the applications through a proxy server,

Add Proxy

Only basic authentication to the proxy is supported (username and password). You can add multiple proxy server configurations, one for each set of domains. Some of the settings to add include:

Domains

—Add the domains served by the proxy server. You can use a wild card character (*) at the beginning of the domain name to indicate multiple domains.

Enable Proxy

—Assign a proxy server to provide access to the domains

Server

—Specify the IP address or host name of the proxy server.

Port

—Specify a port for communication with the proxy server.

User and Password

—Specify the User and Password credentials needed to log in to the proxy server. Specify the password again for verification.

Modify the default

Crypto Settings

to specify the authentication and encryption algorithms for the SSL sessions between Prisma Access and the applications using Clientless VPN.

Add domains to the

Rewrite Exclude Domain List

The Clientless VPN acts as a reverse proxy and modifies web pages returned by the published web applications. It rewrites all URLs and presents a rewritten page to remote users such that when they access any of those URLs, the requests go through GlobalProtect portal.In some cases, the application may have pages that do not need to be accessed through the portal (for example, the application may include a stock ticker from yahoo.finance.com). You can exclude these pages.The domains you add to the

Rewrite Exclude Domain List

are excluded from rewrite rules and cannot be rewritten.Paths are not supported in domain names. The wildcard character (*) for domain names can only appear at the beginning of the name (for example, *.etrade.com).

GlobalProtect Pre-Logon

Monitor GlobalProtect Mobile Users

Prisma Access Docs

GlobalProtect — Clientless VPN

Prisma Access Docs

GlobalProtect — Clientless VPN

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner