Hi all, I’ve been using GlobalProtect VPN and Clientless VPN for a long time and have a pretty good understanding of how it works. I have several web apps that I access through the Clientless VPN portal, but I recently added a new one (Kasm Workspaces, to be exact) and it just won’t work. If I’m using the GP client or I’m on the internal network, everything works fine.
However, when I try to access it through the clientless portal, although it loads the favicon, the page itself won’t load. I checked the firewall rules and found no denies or other issues.
This got me thinking since the firewall functions as a reverse proxy, has anyone else run into similar problems with their own apps?
Yes, we had to abandon clientless vpn testing entirely because of this. Basically anything relatively new that has JavaScript ES6 or higher simply won’t work.
You can check the browser developer mode and you should see errors about the JavaScript version if that is the issue.
- snip* GlobalProtect clientless VPN may exhibit incompatibility issues with JavaScript ES6 (ECMAScript 2015) or newer versions.
Have a look at Prisma Access Browser as an alternative!
There are definitely limitations, but the primary reason we got rid of clientless is because of the attack surface. We got slammed with login attempts constantly when it was on.
GP client still get hits but it is so much less than clientless.
ThomasTrain87 might be right, but I encountered a similar issue with the application Nextcloud. There were Javascript errors being thrown in the console (as you mention), although my errors might have been different than yours.
Anyway, I ended up fixing my issue by turning off Gzip encoding: debug global-protect portal clientlessvpn gzip-encoding off
Here’s the related KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sawiCAA&lang=en_US
Might be worth a try. Good luck!
Thank you for your response. That makes sense, I went into the console and can see the exact error message you described. I’ve been scratching my head over this and spent at least a good number of hours.
True, I had it turned off just for this reason but I also configured some pre-cautions
Thanks, I tried running the command but didn’t make a difference but good to know though
Sorry it wasn’t the solution for you