I am attempting to use the Clientless VPN feature to give access to an internal web proxy server but have an issue where the Palo Alto is not rewriting URL's from a HTTP 301 Redirect.
We use inginx/vouch as the proxy server to provide single sign on functionality to our web applications. Part of the process for this authentication is that if a non-authenticated user hits inginx, the HTTP session is handed off to vouch that issues a HTTP 301 redirect to the client browser which contains another internal URL where the user can perform their log in. The issue is this internal URL is not re-written by the Global Protect portal so the user's browser is performing a name lookup and trying to go over the Internet to access the URL which is internal to our network only.
Does anyone know if the clientless VPN supports rewriting of HTTP 301 Redirect?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!