We are testing out Global Protect Clientless and one of our customers goals is to provide Microsoft 365 web application access via the Clientless portal.
When using Firefox the site is loading as expected but once we log into the tenant and authenticate we get an error that we are logged right back out. Sometimes it doesn’t log us out until we click on the Outlook web app.
When running the same process in Chrome, Outlook web app will just hang and never load.
When watching the browsers dev tools there are some alerts about Java Script ES6.
TAC case provided documentation saying that ES6 is not supported.
https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-clientless-vpn/supported-technologies
Now I am not sure if this is what breaking things but TAC is leaning that way.
All of this to ask if anyone has been able to get 365 web apps working in the GP Clientless Portal?
I can’t believe that I am the only one who has this requirement. And it seems like a hell of an oversite not to be able to support it.
I am hoping there is a nob I can turn or switch I can flip to make this work.
Thanks for any info!
I tried getting clientless VPN working with a number of different internet SaaS applications and ultimately gave up as they all failed to load properly due to the ES6 not supported issue. In my case I tried Jira, M365 and ServiceNow…. All failed to work.
It seems the clientless VPN is intended to work with legacy web apps rather than modern web apps.
Wow. That sucks. Seems like a glaring over site.
Wonder how long that’s been an issue?
I know it’s been an issue for a as long as any app migrated to using ES6.
Based upon rumors I heard, it looks like the long term play here may be that Palo could be adding the Talon browser they just acquired as a means of ‘updating’ the ‘clientless VPN’ capabilities to support modern web apps but it remains to be seen if and how well that gets implemented.
Our SE mentioned Talon as alternative option but I am not familiar with it and in what capacity it is deployed.
And I am sure it comes with additional cost.