04-17-2026 08:30 AM
Is there a way to put the globalprotect gateway behind a reverse proxy for sslvpn only?
I know that technically you can just NAT to the gateway but it is wanted to put the gateway behind a reverse proxy and not use ipsec, only sslvpn.
When I try this, the globalprotect app is allowed but the connection fails nonetheless. I assume this is because the reverse proxy is basically breaking open the connection and in this case is the "meddler in the middle" and is simply not possible because of this?!?
04-20-2026 01:44 AM
Is the intent to disable IPSec in favor of SSL, because you can simply set that in the GlobalProtect gateway:
It sounds like your reverse proxy may be changing things in the payload of the TLS connection, could it be set to passthrough and not interfere/decrypt ?
04-20-2026 02:47 AM
intent is to allow globalprotect through port 443 as sslvpn in most guest or public networks is not blocked but there is no separate IP
problem is that a reverse proxy is already in place on the only IP
configuring the proxy as stream proxy and then forwarding all but that one SNI to another loopback IP address of the reverse proxy is unfortunately not an option and it seems there is no other option globalprotect likely intentionally doesnt not establish the tunnel if this is detected
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
