Clientless VPN Overview

When you configure Clientless VPN, remote users can log in to the GlobalProtect portal using a web browser and launch the web applications you publish for the user. Based on users or user groups, you can allow users to access a set of applications that you make available to them, or allow them to access additional corporate applications by entering a custom application URL.
After logging in to the portal, users see a published applications page with a list of web applications they can launch. (You can use the default applications landing page on the GlobalProtect portal or create a custom landing page for your enterprise.)
Applications Landing Page for Clientless VPN
ClientlessPortal.png
Because this page replaces the default portal landing page, it includes a link to the GlobalProtect agent download page. If configured, users can also select Application URL and enter URLs to launch additional, unpublished corporate web applications.
When you configure only one web application (and disable access to unpublished applications), instead of taking the user to the published applications page, the application will launch automatically as soon as the user logs in. If you do not configure GlobalProtect Clientless VPN, users will see the agent software download page when they log in to the portal.
When you configure GlobalProtect Clientless VPN, you need security policies to allow traffic from GlobalProtect endpoints to the security zone associated with the GlobalProtect portal that hosts the published applications landing page and security policies to allow user-based traffic from the GlobalProtect portal zone to the security zone where the published application servers are hosted. The security policies you define control which users have permission to use each published application.
Zones and Security Policy for Clientless VPN
clientless-vpn-security-zones.png

Related Documentation