GlobalProtect Clientless VPN supports access to remote desktops (RDPs), VNC or SSH. This document provides information on how you can enable your existing virtual or remote terminal applications with GlobalProtect Clientless VPN to perform RDP or VNC or SSH.
Environment
Palo Alto Firewall.
PAN-OS 8.1 and above.
GlobalProtect Clientless VPN
Resolution
Enabling RDP / VNC / SSH access
To enable remote desktop access through Clientless VPN, configure the virtual and/or terminal services environment that you already use in your enterprise to translate the RDP / VNC / SSH protocol in the backend to one of the Clientless VPN supported web technologies in the front end and publish that as a Clientless VPN application for your end-users. Web technologies supported by Clientless VPN include HTML, HTML5, HTML5-Web-Sockets.
The following videos demonstrate common virtual and/or terminal services environment published as a Clientless VPN application for users to RDP / VNC or SSH
VMware Horizon with HTML5 support
VMware Horizon allows enterprise administrators to run remote desktops and applications in their data center and deliver these as managed services to end users where ever they are. VMware Horizon with HTML5 access is needed to work with GlobalProtect Clientless VPN. For more details on VMware Horizon and configuration notes on using HTML5 access with VMware Horizon, refer here.
VMware vSphere and vCenter with HTML5 support
VMware vSphere and vCenter allows enterprise administrator to centrally manage VMware virtual infrastructure. vSphere 6.5 provides support for HTML5 web based access to vCenter Server. As long as vSphere and vCenter Server support HTML5 based access it can be accessed using GlobalProtect Clientless VPN. For more details on vSphere Client, refer here.
Citrix XenDesktop (or XenApp) VDI
To enable users to access the Citrix environment securely and remotely through GlobalProtect Clientless VPN, Citrix deployment should be configured to support HTML5 based Receiver. HTML5 based receiver uses secure websockets for remote connection to Virtual Delivery Agents (VDAs). This allows the users to access the published desktops and applications from a browser and do not need to install any additional plugins or software on the user's machine. For more information on how to configure Citrix environment with HTML5 receiver refer here
Thinfinity Workstation
Thinfinity Remote Desktop Server allows users to securely access remote Windows desktops and applications from any device with an HTML5 compatible browser. GlobalProtect Clientless VPN can provide RDP access to Windows desktops using Thinfinity. For more details on Thinfinity, refer here.
Guacamole
Use Apache Guacamole to help provide VNC, SSH and RDP access through Clientless VPN.
Apache Guacamole is a clientless remote desktop gateway. It supports standard RDP, VNC and SSH protocols and uses HTML5 to deliver access to the end user. For more details on Apache Guacamole, refer here.
The instructions below are for setting up Guacamole on a Ubuntu machine.
1. Get all updates for your Ubuntu machine
sudo apt-get update
2. Install all required dependencies for your Ubuntu machine