Configure Clientless VPN to provide secure access to
common enterprise web applications from SSL-enabled web browsers.
Clientless VPN enables
secure remote access to enterprise applications from SSL-enabled
web browsers. With Clientless VPN, end users are not required to
install the GlobalProtect app software on their endpoints, which
is useful when you need to enable partner or contractor access to
applications and safely enable unmanaged assets, including personal
Use the following steps to set up Clientless VPN
for Prisma Access:
Mobile Users Setup
Enable Clientless VPN
Add Clientless VPN rules.
Specify the users and applications that can use Clientless VPN.
If users need to reach the applications through a proxy
Only basic authentication to the proxy is supported (username
and password). You can add multiple proxy server configurations,
one for each set of domains. Some of the settings to add include:
—Add the domains served
by the proxy server. You can use a wild card character (*) at the
beginning of the domain name to indicate multiple domains.
—Assign a proxy server
to provide access to the domains
—Specify the IP address or
host name of the proxy server.
—Specify a port for communication with
the proxy server.
User and Password
User and Password credentials needed to log in to the proxy server.
Specify the password again for verification.
Modify the default
the authentication and encryption algorithms for the SSL sessions between
Prisma Access and the applications using Clientless VPN.
Add domains to the
Rewrite Exclude Domain List
The Clientless VPN acts as a reverse proxy and modifies
web pages returned by the published web applications. It rewrites
all URLs and presents a rewritten page to remote users such that
when they access any of those URLs, the requests go through the GlobalProtect
portal.
In some cases, the application may have pages that do not
need to be accessed through the portal (for example, the application may
include a stock ticker from yahoo.finance.com). You can exclude
these pages.
The domains you add to the Rewrite Exclude Domain List
are excluded from rewrite rules and cannot
be rewritten.
Paths are not supported in domain names. The wildcard
character (*) for domain names can only appear at the beginning of
the name (for example, *.etrade.com).
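The following is an added example, not part of the product or its documentation: a small Python check that reviews a proposed domain list (for the proxy domains or the Rewrite Exclude Domain List) against the rules stated above before it is entered. The function names, the sample list, the top-level-domain heuristic and the suffix-matching semantics in matches() are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def check_entry(entry):
    """Return the problems found in one domain-list entry ([] means acceptable)."""
    problems = []
    name = entry.strip().lower()
    if "/" in name:
        problems.append("paths are not supported")
        name = name.split("/", 1)[0]
    if "*" in name[1:]:
        problems.append("wildcard (*) may appear only at the beginning")
        return problems
    host = name[1:].lstrip(".") if name.startswith("*") else name
    labels = host.split(".")
    if not all(_LABEL.match(label) for label in labels):
        problems.append("not a valid domain name")
    elif name.startswith("*") and len(labels) < 2:
        # Added review heuristic, not a documented product rule.
        problems.append("wildcard covers an entire top-level domain")
    return problems

def matches(entry, hostname):
    """Assumed semantics: a leading * stands for any non-empty prefix."""
    entry = entry.strip().lower()
    hostname = hostname.lower().rstrip(".")
    if entry.startswith("*"):
        suffix = entry[1:]
        return hostname.endswith(suffix) and len(hostname) > len(suffix)
    return hostname == entry

def audit(entries):
    """Map each rejected entry to its list of problems."""
    return {e: p for e in entries if (p := check_entry(e))}

# Constructed sample list; the first two names are the page's own examples.
SAMPLE = ["*.etrade.com", "yahoo.finance.com", "example.com/quotes",
          "www.*.example.com", "*.com"]

if __name__ == "__main__":
    for entry, problems in audit(SAMPLE).items():
        print(f"{entry}: {'; '.join(problems)}")
    print(matches("*.etrade.com", "us.etrade.com"))
```

Because excluded domains are not rewritten and so do not go through the portal, reviewing each wildcard entry for how much it covers is worth doing before the list is saved.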