GlobalProtect — Clientless VPN

Configure Clientless VPN to provide secure access to common enterprise web applications from SSL-enabled web browsers.
Clientless VPN enables secure remote access to enterprise applications from SSL-enabled web browsers. With Clientless VPN, end users are not required to install the GlobalProtect app software on their endpoints, which is useful when you need to enable partner or contractor access to applications and safely enable unmanaged assets, including personal endpoints.
Use the following steps to set up Clientless VPN for Prisma Access:
  1. Go to
    Manage
    Mobile Users
    Mobile Users Setup
    Clientless VPN
    and
    Add Applications
    .
  2. Enable Clientless VPN
    .
  3. Add Clientless VPN rules.
    Specify the users and applications that can use Clientless VPN.
  4. If users need to reach the applications through a proxy server,
    Add Proxy
    .
    Only basic authentication to the proxy is supported (username and password). You can add multiple proxy server configurations, one for each set of domains. Some of the settings to add include:
    • Domains
      —Add the domains served by the proxy server. You can use a wild card character (*) at the beginning of the domain name to indicate multiple domains.
    • Enable Proxy
      —Assign a proxy server to provide access to the domains
    • Server
      —Specify the IP address or host name of the proxy server.
    • Port
      —Specify a port for communication with the proxy server.
    • User and Password
      —Specify the User and Password credentials needed to log in to the proxy server. Specify the password again for verification.
  5. Modify the default
    Crypto Settings
    to specify the authentication and encryption algorithms for the SSL sessions between Prisma Access and the applications using Clientless VPN.
  6. Add domains to the
    Rewrite Exclude Domain List
    .
    The Clientless VPN acts as a reverse proxy and modifies web pages returned by the published web applications. It rewrites all URLs and presents a rewritten page to remote users such that when they access any of those URLs, the requests go through GlobalProtect portal.In some cases, the application may have pages that do not need to be accessed through the portal (for example, the application may include a stock ticker from yahoo.finance.com). You can exclude these pages.The domains you add to the
    Rewrite Exclude Domain List
    are excluded from rewrite rules and cannot be rewritten.Paths are not supported in domain names. The wildcard character (*) for domain names can only appear at the beginning of the name (for example, *.etrade.com).

Recommended For You