Global Protect Clientless VPN Portal Fails to Load Web Application with Chrome Browser
27044
Created On 02/19/20 21:22 PM - Last Modified 02/21/25 02:08 AM
Symptom
- Customer has upgraded the web server for one of the published Apps behind the Clientless VPN Portal
- The web application stops working specifically in the Chrome Browser - other browsers are working
- The Chrome browser displays a blank page and a spinning icon
- There is no error displayed in the Developer Tools -> Console on the Chrome browser
Environment
- Chrome Browser (all versions)
- PanOS Global Protect Clientless VPN (all versions)
Cause
- After upgrading the Web Server for the application - the application is requesting additional external content that wasn't requested previously:
- fonts.googleapis.com
- fonts.gstatic.com
- The security policies were allowing from Zone "ClientlessVPN" to Zone "Trust" which is where the web server application is hosted
- The security policies were not allowing from Zone "ClientlessVPN" to zone "Untrust" which is required to reach "fonts.googleapis.com" and "fonts.gstatic.com". The traffic is hitting a Deny policy.
- The Chrome browser is not displaying the remaining page content when it cannot retrieve the fonts content. (Internet Explorer and Firefox are displaying the web application content even though the are also not able to retrieve the fonts content).
Resolution
- The resolution is to permit the from zone ClientlessVPN to zone Untrust to permit the traffic to retrieve the Google fonts content.
Additional Information
- If there is logging enabled on the Deny policy - there will be a traffic log for the denied traffic
- Clientless VPN pcaps will show that HTTP GET requests are received in the client side PCAP but are not present in the server side PCAP - indicating that the firewall has blocked these packets coming into the portal
- Fiddler captures taken on the client machine will show that there was an HTTP GET request sent from the client to the Clientless VPN Portal, but there was no response received.