GlobalProtect — Clientless VPN

Configure Clientless VPN to provide secure access to common enterprise web applications from SSL-enabled web browsers.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
Clientless VPN enables secure remote access to enterprise applications from SSL-enabled web browsers. With Clientless VPN, end users are not required to install the GlobalProtect app software on their endpoints, which is useful when you need to enable partner or contractor access to applications and safely enable unmanaged assets, including personal endpoints.
Use the following steps to set up Clientless VPN for Prisma Access:
  1. Go to Settings > Prisma Access Setup > GlobalProtect > GlobalProtect Setup > Clientless VPN and Add Applications.
  2. Enable Clientless VPN.
  3. Add Clientless VPN rules.
    Specify the users and applications that can use Clientless VPN.
  4. If users need to reach the applications through a proxy server, Add Proxy.
    Only basic authentication to the proxy is supported (username and password). You can add multiple proxy server configurations, one for each set of domains. Some of the settings to add include:
    • Domains—Add the domains served by the proxy server. You can use a wildcard character (*) at the beginning of the domain name to indicate multiple domains.
    • Enable Proxy—Assign a proxy server to provide access to the domains.
    • Server—Specify the IP address or host name of the proxy server.
    • Port—Specify a port for communication with the proxy server.
    • User and Password—Specify the User and Password credentials needed to log in to the proxy server. Specify the password again for verification.
  5. Modify the default Crypto Settings to specify the authentication and encryption algorithms for the SSL sessions between Prisma Access and the applications using Clientless VPN.
  6. Add domains to the Rewrite Exclude Domain List.
    Clientless VPN acts as a reverse proxy and modifies web pages returned by the published web applications. It rewrites all URLs and presents a rewritten page to remote users so that when they access any of those URLs, the requests go through the GlobalProtect portal.
    In some cases, the application may have pages that do not need to be accessed through the portal (for example, the application may include a stock ticker from yahoo.finance.com). You can exclude these pages.
    The domains you add to the Rewrite Exclude Domain List are excluded from rewrite rules and cannot be rewritten.
    Paths are not supported in domain names. The wildcard character (*) for domain names can only appear at the beginning of the name (for example, *.etrade.com).
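An added example, not part of the Palo Alto Networks documentation: a pre-check of Rewrite Exclude Domain List entries against the two syntax rules stated above (no paths, wildcard only at the beginning), with a preview of which links would be left unrewritten and so not requested through the portal. The matching semantics (a leading * matches any host ending in the rest of the entry, any other entry matches exactly), the function names and the sample data are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data; the last two entries break the documented rules.
SAMPLE_ENTRIES = ["*.etrade.com", "yahoo.finance.com",
                  "news.example.com/ticker", "portal.*.example.com"]
SAMPLE_URLS = ["https://us.etrade.com/quotes", "https://yahoo.finance.com/ticker",
               "https://news.example.com/ticker", "https://intranet.example.com/wiki"]

def validate_entry(entry):
    """Return the documented rules an entry breaks (empty list means it is acceptable)."""
    e = entry.strip().lower()
    if not e:
        return ["empty entry"]
    problems = []
    if "/" in e:
        problems.append("paths are not supported in domain names")
    if "*" in e[1:]:
        problems.append("wildcard (*) may only appear at the beginning")
    return problems

def is_excluded(host, entries):
    """Assumed matching: '*' + suffix matches hosts ending in suffix, otherwise exact match."""
    host = host.lower().rstrip(".")
    for entry in entries:
        e = entry.strip().lower()
        if validate_entry(e):
            continue  # an entry that breaks the rules is ignored here
        if e.startswith("*"):
            if host.endswith(e[1:]):
                return True
        elif host == e:
            return True
    return False

def classify_links(urls, entries):
    """Split URLs into those left unrewritten and those rewritten to go through the portal."""
    result = {"excluded": [], "rewritten": []}
    for url in urls:
        host = urlsplit(url).hostname or ""
        key = "excluded" if is_excluded(host, entries) else "rewritten"
        result[key].append(url)
    return result

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(entry, "->", validate_entry(entry) or "ok")
    print(classify_links(SAMPLE_URLS, SAMPLE_ENTRIES))
```

Under the assumed matching, *.etrade.com covers subdomains such as us.etrade.com but not etrade.com itself, so confirm the product's actual behaviour before relying on the preview.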