global protect clientless using guacamole

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

global protect clientless using guacamole

L3 Networker

Hi all,

Start working with global protect using MFA and try using guacamole for proxy rdp connection.

after building the guacamole server (updated one using Guacamole 1.1 on Ubuntu 20.04) the server is working on the internal network but when accessing it from outside I get the following message.

 

Access Error: 404 -- Not Found
Can't locate document: /guacamole/

 

The same error I received if I using MFA with SAML or LDAP authentication.

tried to use some other links but the same issue exist.

anyone familiar with this issue.

 

Thank you.

 

5 REPLIES 5

L2 Linker

Can you check if you have everything properly configured as in the following admin guide:

https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-clientless-vpn...

 

+ Check if you have the correct NAT rule, security rules.

+ Check if the application host can be resolved by DNS, to confirm this, run the following command via command line: 

> show system setting ssl-decrypt dns-cache

+ If the issue still persists, I would suggest upgrading Clientless VPN to the latest software, this can be done from Device> Dynamic Updates> Check Now to see the latest updates. 

 

I hope this helps. Let us know if you are still experiencing any issues.

 

HI @domari 

New day new thinking.

Found the problem, found wrong configuration on the portal.

under global protect portal config --> clientless vpn --> general 

I put the guacamole server address in the host name instead of the vpn portal address.

now it is working fine.

I need to see how to use SSO for the guacamole rdp session instead of entering the credential again after the user pressing the guacamole application. 

Here is an example that shows how to configure Clientless VPN with SAML and SSO:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm2oCAC

@domari 

In our case we are using DUO so we user SAML and I'm looking for a way to add SSO for guacamole server. on DUO I don't see the option to add bookmark from their side.

Did you ever find a solution to this? Trying to find a way to "passthrough" user credentials from the clientless vpn login to the guacamole server to prevent users from having to type in their credentials twice.

  • 8470 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!