https://live.paloaltonetworks.com/t5/general-topics/query-on-clientless-vpn/m-p/391353#M90770 <P><SPAN>We are told that the clientless apps only works with HTTP/HTTPS based apps, and therefore we cannot use it to allow MS remote desktop.</SPAN></P><P>&nbsp;</P><P><SPAN>This is the problem I am trying to solve. Our users currently use their own computers at &nbsp;home. They connect to the corporate network using Global Protect, but of course this could be a security risk if one of the home PCs has a virus.</SPAN></P><P><SPAN>Buying everyone a corporate machine for home is one option, but costly.</SPAN></P><P><SPAN>Therefore I was hoping we could use the firewall to allow them to connect using remote desktop, without allowing any data to be transferred from their office PC to their home PC.</SPAN></P> Tue, 16 Mar 2021 00:44:18 GMT FarzanaMustafa 2021-03-16T00:44:18Z https://live.paloaltonetworks.com/t5/general-topics/query-on-clientless-vpn/m-p/391353#M90770 <P><SPAN>We are told that the clientless apps only works with HTTP/HTTPS based apps, and therefore we cannot use it to allow MS remote desktop.</SPAN></P><P>&nbsp;</P><P><SPAN>This is the problem I am trying to solve. Our users currently use their own computers at &nbsp;home. They connect to the corporate network using Global Protect, but of course this could be a security risk if one of the home PCs has a virus.</SPAN></P><P><SPAN>Buying everyone a corporate machine for home is one option, but costly.</SPAN></P><P><SPAN>Therefore I was hoping we could use the firewall to allow them to connect using remote desktop, without allowing any data to be transferred from their office PC to their home PC.</SPAN></P> Tue, 16 Mar 2021 00:44:18 GMT https://live.paloaltonetworks.com/t5/general-topics/query-on-clientless-vpn/m-p/391353#M90770 FarzanaMustafa 2021-03-16T00:44:18Z https://live.paloaltonetworks.com/t5/general-topics/query-on-clientless-vpn/m-p/391396#M90774 <P>this really will depend on you security acceptance levels.</P><P>&nbsp;</P><P>We only allow RDP via an RDS gateway in the DMZ. 2 factor authentication is required and no file transfer/clipboard/drive mapping etc. between client and desktop.</P><P>&nbsp;</P><P>some good help here...&nbsp;&nbsp;</P><P>&nbsp;</P><P><A href="https://ryanmangansitblog.com/2020/03/23/quick-simple-remote-access-solution-using-ms-rd-gateway-12-16-19-versions-ready-to-use-within-the-hour/#:~:text=The%20RD%20Gateway%20allows%20you,TCP%20443%20and%20UDP%203391" target="_blank" rel="noopener">https://ryanmangansitblog.com/2020/03/23/quick-simple-remote-access-solution-using-ms-rd-gateway-12-16-19-versions-ready-to-use-within-the-hour/#:~:text=The%20RD%20Gateway%20allows%20you,TCP%20443%20and%20UDP%203391</A>.</P><P>&nbsp;</P><P>You can use GP to allow RDP application if you prefer but still prevent data transfers via RDP settings.</P><P>&nbsp;</P><P><A href="https://social.technet.microsoft.com/Forums/en-US/f07b2557-27fd-484f-9a62-635057959214/disable-file-transfercopy-paste-for-rds?forum=winserverTS" target="_blank">https://social.technet.microsoft.com/Forums/en-US/f07b2557-27fd-484f-9a62-635057959214/disable-file-transfercopy-paste-for-rds?forum=winserverTS</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 16 Mar 2021 09:36:51 GMT https://live.paloaltonetworks.com/t5/general-topics/query-on-clientless-vpn/m-p/391396#M90774 Mick_Ball 2021-03-16T09:36:51Z