Installing and using the NCSSM GlobalProtect VPN

Students must have a faculty or staff sponsor for access to the VPN.

NCSSM’s Palo Alto Networks firewall provides a VPN (Virtual Private Network), GlobalProtect, as part of its capabilities. Instructions for its installation and use by NCSSM staff are provided below. Please create a ticket for ITS if you have any issues or questions regarding these instructions.

 

Installing the GlobalProtect Client

Follow the set of instructions appropriate to your client system to install the GlobalProtect client. Then, continue to the Using GlobalProtect section for instructions on its use.

Notes:

  1. You may install the GlobalProtect client either on campus or off campus; however,

  2. You may connect to the NCSSM network using the GlobalProtect client only from off campus -on-campus attempts will fail.

Windows

To install the GlobalProtect VPN client on Windows, follow these steps:

  1. Determine whether your system is a 32-bit or a 64-bit system. Click on your start button, right-click on Computer and select Properties. You should see this screen:

  2. Look for the System type attribute. Its value will indicate whether you have a 32-bit or a 64-bit system.

  3. Download the appropriate client from https://goo.gl/bnkV2Y. If you are running a 64-bit operating system, use the file GlobalProtect-Windows-64bit-vXXX.msi (where XXX indicates a version number). If you are instead using a 32-bit operating system, use GlobalProtect-Windows-32bit-vXXX.msi.

  4. Locate the installer you downloaded in the previous step, and open it to install the application. Click Next on each of the presented screens to proceed with the installation.

  5. After the installation completes and you click Close, the VPN client will automatically launch, then it will present a window asking for a portal address. Enter fw.ncssm.edu and click Connect

  6. Enter your NCSSM credentials in Username and Password. (It is not necessary to prepend your username with “NCSSM\” or to include "@ncssm.edu" at the end of the Username.) Leave the Remember Me box checked unless you wish to enter your credentials each time you use the VPN. If you get a certificate warning, accept the certificate.

@Justin Fleming In step 5 above, need a new screenshot that shows the portal as dur-fw.ncssm.edu. Or expand the language to mention that dur-fw.ncssm.edu should be used for Durham and mor-fw.ncssm.edu for Morganton.


Please create a ticket for ITS if you have any issues installing the client.

macOS

Installing the GlobalProtect VPN client on macOS is substantially similar to the process for installing it on Windows. 

  1. Download the Mac client from https://goo.gl/bnkV2Y. The Mac client will have a name like GlobalProtect-MacOS-vXXX.pkg (XXX being the version number).

  2. If you are asked to Download the installation file, do so and, if necessary, note the location where it was saved.

  3. Locate the file you saved in the previous step, and open it to install the application.

  4. Click Continue to step through the installer.

  5. Click Install, providing your username and password on the Mac when prompted.

  6. On macOS Sierra and newer, it is necessary to grant permission to launch to the GlobalProtect application. To do so:

    1. Launch SystemPreferences

    2. Select Security & Privacy > General

    3. If the lock icon in the lower-left is locked, click on it and enter your machine password to unlock the settings

    4. Click Allow next to the message System software from developer "Palo Alto Networks" was blocked from loading.

  7. From the Applications folder, open GlobalProtect.app. You can then click the globe icon in the menu bar, type fw.ncssm.edu for the portal address, and then click Connect.

  8. Enter your NCSSM credentials in Username and Password when prompted. (It is not necessary to prepend your username with “NCSSM\” or to include "@ncssm.edu" at the end of the Username.)

  9. (Optional) If you get a certificate warning, accept the certificate.

  10. Enter your NCSSM credentials in Username and Password. (It is not necessary to prepend your username with “NCSSM\” or to include "@ncssm.edu" at the end of the Username.) Click Sign In.

  11. GlobalProtect will say that you are "Connected".

@Justin Fleming Need a similar update in step 7, above.

Please create a ticket for ITS if you have any issues installing the client.

Ubuntu

Palo Alto Networks does not currently provide a GlobalProtect client for Linux systems. However, there is a compatible VPN client, vpnc, available for Linux. To install vpnc on Ubuntu, follow these steps:

  1. Open a terminal and execute the command:

    sudo apt-get update && sudo apt-get install vpnc network-manager-vpnc

    Note that it may be necessary to enter your password at the prompt in order to enable root access for the installation.

  2. Once the command completes, launch the network manager by clicking on the Network Manager icon and selecting VPN ConnectionsConfigure VPN … > Add.

  3. Under Connection name, give the VPN connection a name. "NCSSM-vpn" or a variant is appropriate.

  4. On the VPN tab, enter the following values:

    1. Gateway: dur-fw.ncssm.edu

    2. User name: Your NCSSM user name, without prepended “NCSSM\”.

    3. User password: Your NCSSM password. Set the pull-down menu value on the right to Saved unless you wish to enter your password each time you connect to the VPN.

    4. Group name: Test1

    5. Group password: 1test. Again, set the pull-down menu value on the right to Saved unless you wish to enter the group password each time you connect to the VPN.

    6. Ensure that Use hybrid authentication is unchecked.

    7. Click on Advanced…, then enter the following values:

      1. Domain: ncssm

      2. Vendor: Cisco (default)

      3. Version: blank

      4. Encryption method: Secure (default)

      5. NAT traversal: NAT-T when available (default)

      6. IKE DH Group: DH Group 2 (default)

      7. Perfect Forward Secrecy: Server (default)

      8. Local port: 0

      9. Ensure that Disable Dead Peer Detection is unchecked

    8. Click Apply.

  5. On the IPv4 Settings tab:

    1. Ensure that Method is Automatic (VPN).

    2. Click on Routes..., then on the window that opens:

      1. Check Use this connection only for resources on its network.

      2. Enter values in the following table by using the Add button and entering the values in each cell. (Leave the Metric cell blank.) Each cell will have a red background until a legal value is entered, at which point the background will turn green.

        1. Address: 192.154.43.0

        2. Netmask: 255.255.255.0

        3. Gateway: 0.0.0.0

      3. Students needing access to the Computer science server (cs.ncssm.edu) also need to repeat step ii with the address 10.1.0.0, and the same netmask and gateway.

      4. Click OK.

    3. Click Save….

  6. The VPN client is now configured. See below for usage instructions.

Other Linux Distros

Please contact ITS for assistance.

Using GlobalProtect

Once GlobalProtect is installed, use these instructions to connect your client to the NCSSM VPN. Note that you can connect only from outside the NCSSM network. The instructions differ depending on your client system.

Windows and macOS

To use the GlobalProtect VPN, launch the GlobalProtect client and select File > Connect. Wait until the status is Connected.

Once you are done using the VPN, disconnect the client by selecting File > Disconnect. It will take a few seconds for the VPN tunnel to be disabled and your normal connection to be re-established.

Ubuntu

To use the GlobalProtect VPN, click on the Network Manager icon and select VPN Connections > NCSSM-vpn (or the name you specified when you configured the client). Wait for the VPN to connect. The network icon will change to show a small lock in the lower-right.

Once you are done using the VPN, again click on the Network Manager icon and select VPN Connections > Disconnect VPN. Note that it will take a few seconds for the VPN tunnel to be disabled and your normal connection to be re-established.

Other Linux Distros

Please contact ITS for assistance.