Publishing application like OWA , or RDP to servers to SSL portal.

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Publishing application like OWA , or RDP to servers to SSL portal.

L3 Networker


Is it possible to set up the Palo Alto to publish internal applications on the SSL vpn protal ? Just like the Juniper SSL devices lets you do ?




Not applicable

No, this is not available.  I wish it was as it would be a great addition to the product line.


Yes ,  most customers ask for this ability when they look at the SSL VPN component of the product.

Does anyone know if this feature will be available in the product anytime soon ?



L4 Transporter

Hi Sunil,

I guess part of the reason to do this was to give a sense of application control.  The Palo Alto Networks solution will give full security once you gain access to the SSL VPN and/or GlobalProtect.  This is done by user, application, HIP - which is not available on most remote access solutions.

Shortcuts/bookmarks can be pushed to client stations through GPO or done manually by the user.

I think the game has shifted a little and the use cases can be reviewed.  A full portal may still make sense in some areas - but worth reviewing the actual requirements.



Hi James,

Thanks for the detailed response. It makes sense from a security perspective becuase of palo's ability to secure and control applications . Most customers who ask for the published services on the SSL portal would like to use clientless SSL that lets you reverse proxy to the published applications on the web browser. This is also useful when you connect using a mobile device like an Iphone or even a device which is not yours , a friends machine or a device on another company network where you cant really install an SSL client, I guess clientless vpns just runs a Java applet on your browser.

The other aspect that comes to mind is the convenience of having the published applications to be clicked , as we go to multiple access devices (some which cant be controlled using GPO) , like mobile devices , tablets and other operating systems it just seems more convenient to have a web interface where all access channels are published.  We can still run all the Palo Next generation firewall features of application control , IPS etc across these sessions also.

Just thinking out loud.



  • 4 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!