Versions Compared

Old Version 9

changes.mady.by.user Justin Fleming

Saved on

compared with

New Version 10

changes.mady.by.user Justin Fleming

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

NCSSM’s Palo Alto Networks firewall provides a VPN (Virtual Private Network), GlobalProtect, as part of its capabilities. Instructions for its installation and use by NCSSM staff are provided below. Please create a ticket for ITS if you have any issues or questions regarding these instructions.

Table of Contents

Installing the GlobalProtect Client

Follow the set of instructions appropriate to your client system to install the GlobalProtect client. Then, continue to the Using GlobalProtect section for instructions on its use.

Info

Notes:

  1. You may install the GlobalProtect client either on campus or off campus; however,

  2. You may connect to the NCSSM network using the GlobalProtect client only from off campus -on-campus attempts will fail.

Windows

To install the GlobalProtect VPN client on Windows, follow these steps:

...

Please create a ticket for ITS if you have any issues installing the client.

macOS

Installing the GlobalProtect VPN client on macOS is substantially similar to the process for installing it on Windows. 

...

Please create a ticket for ITS if you have any issues installing the client.

Ubuntu

Palo Alto Networks does provide a GlobalProtect client for Linux systems. However, we instead use a compatible VPN client, vpnc, available for Linux. To install vpnc on Ubuntu, follow these steps:

  1. Open a terminal and execute the command:

    sudo apt-get update && sudo apt-get install vpnc network-manager-vpnc

    Note that it may be necessary to enter your password at the prompt in order to enable root access for the installation.

  2. Once the command completes, launch the network manager by clicking on the Network Manager icon and selecting VPN ConnectionsConfigure VPN … > Add.

  3. Under Connection name, give the VPN connection a name. "NCSSM-vpn" or a variant is appropriate.

  4. On the VPN tab, enter the following values:

    1. Gateway: fw.ncssm.edu

    2. User name: Your NCSSM user name, without prepended “NCSSM\”.

    3. User password: Your NCSSM password. Set the pull-down menu value on the right to Saved unless you wish to enter your password each time you connect to the VPN.

    4. Group name: Test1

    5. Group password: 1test. Again, set the pull-down menu value on the right to Saved unless you wish to enter the group password each time you connect to the VPN.

    6. Ensure that Use hybrid authentication is unchecked.

    7. Click on Advanced…, then enter the following values:

      1. Domain: ncssm

      2. Vendor: Cisco (default)

      3. Version: blank

      4. Encryption method: Secure (default)

      5. NAT traversal: NAT-T when available (default)

      6. IKE DH Group: DH Group 2 (default)

      7. Perfect Forward Secrecy: Server (default)

      8. Local port: 0

      9. Ensure that Disable Dead Peer Detection is unchecked

    8. Click Apply.

  5. On the IPv4 Settings tab:

    1. Ensure that Method is Automatic (VPN).

    2. Click on Routes..., then on the window that opens:

      1. Check Use this connection only for resources on its network.

      2. Enter values in the following table by using the Add button and entering the values in each cell. (Leave the Metric cell blank.) Each cell will have a red background until a legal value is entered, at which point the background will turn green.

        1. Address: 192.154.43.0

        2. Netmask: 255.255.255.0

        3. Gateway: 0.0.0.0

      3. Students needing access to the Computer science server (cs.ncssm.edu) also need to repeat step ii with the address 10.1.0.0, and the same netmask and gateway.

      4. Click OK.

    3. Click Save….

  6. The VPN client is now configured. See below for usage instructions.

Other Linux Distros

Please contact ITS for assistance.

Using GlobalProtect

Once GlobalProtect is installed, use these instructions to connect your client to the NCSSM VPN. Note that you can connect only from outside the NCSSM network. The instructions differ depending on your client system.

Windows and macOS

To use the GlobalProtect VPN, launch the GlobalProtect client and select File > Connect. Wait until the status is Connected.

Once you are done using the VPN, disconnect the client by selecting File > Disconnect. It will take a few seconds for the VPN tunnel to be disabled and your normal connection to be re-established.

Ubuntu

To use the GlobalProtect VPN, click on the Network Manager icon and select VPN Connections > NCSSM-vpn (or the name you specified when you configured the client). Wait for the VPN to connect. The network icon will change to show a small lock in the lower-right.

Once you are done using the VPN, again click on the Network Manager icon and select VPN Connections > Disconnect VPN. Note that it will take a few seconds for the VPN tunnel to be disabled and your normal connection to be re-established.

Other Linux Distros

Please contact ITS for assistance.