Clientless VPN

GlobalProtect Clientless VPN is now available! Clientless VPN provides secure remote access to common enterprise web applications that use HTML, HTML5, and Javascript technologies. Users have the advantage of secure access from SSL-enabled web browsers without installing GlobalProtect client software. This is useful when you need to enable partner or contractor access to applications, and to safely enable unmanaged assets, including personal devices.
Sample Applications Landing Page for Clientless VPN
applications.png
You can configure the GlobalProtect portal landing page to provide access to web applications based on users and user groups and also allow single-sign on to SAML-enabled applications. Supported operating systems are Windows, Mac, iOS, Android, Chrome, and Linux. Supported browsers are the latest versions of Chrome, Internet Explorer, Safari, and Firefox.
This feature also requires you to install a GlobalProtect subscription on the firewall that hosts the Clientless VPN from the GlobalProtect portal. You also need the GlobalProtect Clientless VPN dynamic updates to use this feature. Refer to Activate Licenses and Subscriptions and Install Content and Software Updates .
When you configure Clientless VPN, remote users can log in to the GlobalProtect portal using a web browser and launch the web applications you publish for the user. Based on users or user groups, you can allow users to access a set of applications that you make available to them, or allow them to access additional corporate applications.
Configure Clientless VPN Applications
clientless-config.png
To configure Clientless VPN , follow these steps.
  1. Make sure you have a GlobalProtect subscription and the GlobalProtect Clientless VPN dynamic updates needed to use this feature.
  2. Configure the Clientless VPN applications and applications groups. The GlobalProtect portal displays these applications on the landing page that users see when they log in.
  3. Configure the GlobalProtect Portal to provide the Clientless VPN service.
  4. Map users and user groups to applications. This mapping controls which applications users or user groups can launch from a GlobalProtect Clientless VPN session. For information on qualified applications, see Supported Technologies .
  5. Specify the security settings for a Clientless VPN session.
    These settings control the authentication and encryption algorithms for the SSL sessions between the firewall and the published applications.
  6. If you need to reach the applications through a proxy server, specify one or more proxy server configurations to access the applications.
  7. Specify any special treatment for application domains. In some cases, the application may have pages that do not need to be accessed through the portal.
  8. Configure a Security policy rule to enable users to access the published applications.

Related Documentation