Run & Authenticate to the Campus VPN

This article will show you how to run the campus VPN agent and perform a 2-Factor authentication with DUO.

For more information on the campus Virtual Private Network (VPN), view the document VPN Overview.

Before you begin:

If you do not currently have VPN privileges, go to http://www.fullerton.edu/it/services/software/ and select VPN. On this site you will fill out and submit the Software Request Form to request VPN access.

  1. You will need to install and authenticate the Duo two-factor authentication tool. View more information on Duo.
  2. Ensure ALL security and software updates are not older than 7 days.  The GlobalProtect Client performs a Health Check to ensure the security of your system when accessing the campus VPN.
  3. Download & Install the Campus VPN on your local system (workstation or device).

A local system is typically the workstation, device, etc controlling the connection.

i.e. typically your personal workstation, mobile device, browser

Run the GlobalProtect VPN Agent/ Client

1. Enter a campus GlobalProtect VPN address.

GlobalProtect portal address

After the download and installation of GlobalProtect is complete, locate the GlobalProtect app window and type a campus GlobalProtect portal address,

Campus GlobalProtect portal addresses:

Click Connect.

GlobalProtect - Full Tunnel vs. Split Tunnel
GlobalProtect - Full Tunnel (gpft.fullerton.edu)

Use the GlobalProtect - Full Tunnel anytime you are connected to an “Untrusted” (i.e. public network)

  • Examples of "Untrusted" networks include, but are not limited to airports, restaurants, hotels, traveling overseas, etc.
GlobalProtect - Split Tunnel (gpst.fullerton.edu)

Use the GlobalProtect - Split Tunnel when you are connected to a “Trusted” network and you need access to local campus resources (ex: printers, file shares, etc.)

  • Examples of "Trusted" networks include, but are not limited to, your home network, campus networks, etc.

If the GlobalProtect Client does not open, on the Toolbar of your desktop, locate and open the GlobalProtect Client.  Expand the app icons if you cannot find the GlobalProtect icon.

Windows 10 toolbar, pointing to GlobalProtect icon.

Authenticate with Duo

Authenticate with DUO from your Mobile Phone or Tablet

The following instructions show authenticating using a mobile device, but the steps are the same if you have installed the Duo app on a tablet device.

1. On the login window, enter your campus login credentials, then click "Sign In".

CSUF GlobalProtect login on your desktop or laptop.

Type the your campus/(ad) username and password to log into the GlobalProtect VPN Portal, then click Sign In.

2. From your mobile device, check for the DUO 2-Factor authentication notice.

DUO confirmation on your mobile device.

You will receive a notification on your mobile device to authenticate on the campus VPN network.

If the window on your system continues to display "Still Working..."
Still Working login screen.

Check your mobile device to ensure you received the DUO message:

  • The security message times out if you wait too long to authenticate your access.
  • You will need to re-authenticate if this happens (log into your campus VPN account again).

3. Tap the waiting request to authenticate DUO at your phone.

DUO "Waiting Request" on mobile device.

4. Click "Approve" to accept the campus VPN login request.

Approve DUO login request on mobile device.

You can now put  your mobile device down and proceed with your VPN connect on your system.

Authenticate with DUO from a keychain fob

Keychain fob can be obtained by contacting the Help Desk at helpdesk@fullerton.edu or 657-278-7777.

1. Press the button on your keychain fob to generate a passcode.

Token device

2. On the login window, enter your campus username. In the password field, enter your campus password followed by a comma and then the passcode (e.g., ThisIsMyCampusPassword123,787063). Then click Sign In.

CSUF GlobalProtect login.
  1. Type your campus username
  2. Type your campus password, followed by a comma, and then the passcode from your keychain fob (e.g., ThisIsMyCampusPassword123,787063).
  3. Click Sign In.
If the window continues to display "Still Working..." on your system
Still Working screen

The security message times out if you wait too long to authenticate your access. You may need to generate a new passcode on your keychain fob and re-enter your username and password with the updated passcode.

CONGRATULATIONS!  Your GlobalProtect is now connected to the campus VPN.

Connected message

Proceed to use the campus VPN resources you have access to.

  1. Remote Desktop to access your campus system.  
    • Each campus system must be properly configured for Remote Desktop access.
  2. RDP to campus resources.
    • You must contact the service owner of the campus resource to ensure proper access.
  3. Access campus resources through the security of the VPN network.
  4. Use the security of the VPN network to access resources.

Close the GlobalProtect pop-up window.

GlobalProtect window
  1. Click the x to close the window.
  2. Click the Do not show this again box to prevent this pop-up window from showing in the future.
Problems connecting...

A complete list of the supported operating systems can be found at VPN Overview - GlobalProtect Supported Operating Systems.

1. If you cannot connect to the VPN:
  1. Check all of your security and software updates and make sure they are no older than 7 days.
  2. Do you have SSLVPN privileges?  Contact the Helpdesk at 657)278-7777 or helpdesk@fullerton.edu to confirm your SSLVPN privileges.
2. If you can successfully connect to the VPN but are unable to access a resource:

It is likely your system failed a health check.  The system did not pass one or more required health checks and you may not be able to connect to all resources.

GlobalProtect Client Health Checks

GlobalProtect calls their health checks Host Information Profiles (HIP). After the user installs the client, it runs an initial health check on the system and then keeps track of the systems health. When a user connects to campus, the client supplies the HIP status to the GlobalProtect Gateway. The HIP status is then used by firewall polices to allow or deny access to resources.

Item
Status
Supported Operating Systems (Windows, Mac, iOS, Android, Chrome) must be up to date
Antivirus must be installed, running, up to date
Anti-Spyware  - (i.e. Windows Defender provides an anti-spyware) must be installed, running, up to date 
Firewall must be enabled
Patches must be up to date
Patch Management must be enabled (on devices that have the ability)

2.1. Get information about the status of the system on the "Host Profile" tab of the GlobalProtect client.

GlobalProtect settings window

Click the GlobalProtect icon > Click the gear symbol > Click Settings, then click Host Profile.

Once the issue is resolved, you can click Resubmit Host Profile to continue.

Be aware:  You do not necessarily need to disconnect to resolve the issue.

Need More Help?

Contact the IT Help Desk at helpdesk@fullerton.edu or 657-278-7777.