This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

global protect clientless using guacamole

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

global protect clientless using guacamole

SShnap
L3 Networker

‎06-16-2020 12:27 PM

Hi all,

Start working with global protect using MFA and try using guacamole for proxy rdp connection.

after building the guacamole server (updated one using Guacamole 1.1 on Ubuntu 20.04) the server is working on the internal network but when accessing it from outside I get the following message.

 

Access Error: 404 -- Not Found
Can't locate document: /guacamole/

 

The same error I received if I using MFA with SAML or LDAP authentication.

tried to use some other links but the same issue exist.

anyone familiar with this issue.

 

Thank you.

 

0 Likes Likes
5 REPLIES 5

domari
L2 Linker

‎06-17-2020 07:50 AM - edited ‎06-17-2020 07:52 AM

Can you check if you have everything properly configured as in the following admin guide:

https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-clientless-vpn...

 

+ Check if you have the correct NAT rule, security rules.

+ Check if the application host can be resolved by DNS, to confirm this, run the following command via command line: 

> show system setting ssl-decrypt dns-cache

+ If the issue still persists, I would suggest upgrading Clientless VPN to the latest software, this can be done from Device> Dynamic Updates> Check Now to see the latest updates. 

 

I hope this helps. Let us know if you are still experiencing any issues.

 

(1)

SShnap
L3 Networker
In response to domari

‎06-17-2020 08:14 AM

HI @domari 

New day new thinking.

Found the problem, found wrong configuration on the portal.

under global protect portal config --> clientless vpn --> general 

I put the guacamole server address in the host name instead of the vpn portal address.

now it is working fine.

I need to see how to use SSO for the guacamole rdp session instead of entering the credential again after the user pressing the guacamole application. 

domari
L2 Linker
In response to SShnap

‎06-17-2020 08:27 AM

Here is an example that shows how to configure Clientless VPN with SAML and SSO:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm2oCAC

0 Likes Likes

SShnap
L3 Networker
In response to domari

‎06-17-2020 09:31 AM

@domari 

In our case we are using DUO so we user SAML and I'm looking for a way to add SSO for guacamole server. on DUO I don't see the option to add bookmark from their side.

0 Likes Likes

JacobDecker
L0 Member
In response to SShnap

‎07-08-2021 02:22 PM

Did you ever find a solution to this? Trying to find a way to "passthrough" user credentials from the clientless vpn login to the guacamole server to prevent users from having to type in their credentials twice.

  • 8313 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks