global protect clientless using guacamole

L3 Networker


Hi all,

I started working with GlobalProtect using MFA and am trying to use Guacamole to proxy RDP connections.

After building the Guacamole server (an updated one using Guacamole 1.1 on Ubuntu 20.04), the server is working on the internal network, but when accessing it from outside I get the following message.

 

Access Error: 404 -- Not Found
Can't locate document: /guacamole/

 

I receive the same error if I use MFA with SAML or LDAP authentication.

I tried to use some other links, but the same issue exists.

Is anyone familiar with this issue?

 

Thank you.

 

L1 Bithead

Can you check if you have everything properly configured as in the following admin guide:

https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-clientless-vpn...

 

+ Check if you have the correct NAT rule and security rules.

+ Check if the application host can be resolved by DNS, to confirm this, run the following command via command line: 

> show system setting ssl-decrypt dns-cache

+ If the issue still persists, I would suggest upgrading Clientless VPN to the latest software; this can be done from Device > Dynamic Updates > Check Now to see the latest updates.

 

I hope this helps. Let us know if you are still experiencing any issues.

 

L3 Networker

Hi @domari

New day, new thinking.

I found the problem: a wrong configuration on the portal.

Under GlobalProtect portal config --> Clientless VPN --> General,

I put the Guacamole server address in the host name instead of the VPN portal address.

Now it is working fine.

I need to see how to use SSO for the Guacamole RDP session instead of entering the credentials again after the user presses the Guacamole application.

L1 Bithead

Here is an example that shows how to configure Clientless VPN with SAML and SSO:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm2oCAC

L3 Networker

@domari 

In our case we are using DUO, so we use SAML, and I'm looking for a way to add SSO for the Guacamole server. On DUO I don't see the option to add a bookmark from their side.
