topic Re: Rewrite Exclude domain list in Prisma Access Discussions

Rewrite Exclude domain list

FarrasErdiansyah — Wed, 05 Feb 2025 16:32:07 GMT

Hi, Tried to rewrite internal domain on clientless vpn prisma SASE, but i cant access it. if didnt rewrite the domain i can access it through clientless vpn. for example i have domain https://trulymagical.com/https/halo.deer.com but i want to rewrite and exclude domain list to be https://halo.deer.com only without the gp portal name in front of it. but i got an error i cant access it anymore if i rewrite it. please help me if anyone knows.

Re: Rewrite Exclude domain list

nikoolayy1 — Sat, 08 Feb 2025 12:47:07 GMT

As your question is a little bit unclear and I admit that I don't completely understand it I can mention that you need to make certain that Prisma Access also is able to resolve your internal domain halo.deer.com as well.

See:

DNS for Prisma Access

Outside of that the article for clientless vpn on the NGFW is better Configure Clientless VPN than the one for Prisma Access GlobalProtect — Clientless VPN so better review it as well.

Also you could set your crypto settings to the lowest level as it could be that your origin web uses old TLS just to see if it works and then to harden it. Also use tcpdump on the origin server to see if Prisma access connects to it and if needed check the origin server logs as well.

Re: Rewrite Exclude domain list

Vickynet — Sun, 09 Feb 2025 01:27:16 GMT

@FarrasErdiansyah wrote:

Hi, Tried to rewrite internal domain on clientless vpn prisma SASE, but i cant access it. if didnt rewrite the domain i can access it through clientless vpn. for example i have domain https://trulymagical.com/https/halo.deer.com but i want to rewrite and exclude domain list to be https://halo.deer.com only without the gp portal name in front of it. but i got an error i cant access it anymore if i rewrite it. please help me if anyone knows.

Hello @FarrasErdiansyah , I understand you are trying to rewrite an Internal domain for your clientless VPN in Prisma Access SASE, I believe the warning message you are seeing is expected. Any domain you add to the "Rewrite Exclude Domain List" are excluded from rewrite rules and cannot be rewritten. And paths are not supported in domain names. You can check the step 6 of this documentation: https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-mobile-users/mobile-users-globalprotect/configure-clientless-vpn-prisma-access

I hope that answers your questions.

Thank you,

Vickynet.