The University Client VPN provides off-campus users with secure remote access to PennNet. Unlike existing VPN services that are currently offered by ISC and other Schools or Centers, the University VPN service is not designed to provide secure remote access to any specific data center(s) on campus. Instead, it allows access to the campus network generally, so that users can have the same network experience from a remote location as they currently do while connected to AirPennNet or by plugging into a physical port on campus. The University Client VPN uses Palo Alto's GlobalProtect software.
How to install the GlobalProtect application
Please see the appropriate tab below for installation and configuration instructions.
Downloading the application
Navigate to vpn.upenn.edu using a browser. You should see a screen similar to the one below:
Click on "Download Mac 32/64 bit GlobalProtect agent." This will download a file called GlobalProtect.pkg — double-clicking on this file will cause it to bring up a dialog box that will ask you a series of questions and walk you through the installation process.
Selecting "Continue" on this screen will walk you through installation of the application.
On some versions of macOS, you may need to approve kernel extensions in order for the GlobalProtect VPN client to function normally. In this event, you will be prompted with a dialog box like the one shown below. Click on the button labelled "Open Security Preferences":
This will open your System Preferences dialog box. A warning will be displayed at the bottom of the dialog box next to the button labelled Allow. Click on the Allow button to continue.
Configuring the application and connecting to the VPN
Once you have installed the application, you will see an icon appear in the upper-right-hand side of the menu bar. The GlobalProtect icon looks like a globe.
When you open the application, you will need to provide the Portal address:
vpn.upenn.edu
Clicking on the Connect button will cause a browser window to open and prompt you for your PennKey credentials through the usual WebLogin screen.
After entering your username and password you should then see the usual Two-Step Verification screen:
Once you have successful performed the necessary Two-Step Verification, you will then be connected to the VPN and the icon should change to indicate that you are connected.
Downloading the application
Navigate to vpn.upenn.edu using a browser. You should see a screen similar to the one below:
Click the appropriate Windows link for your system; in nearly all circumstances this will be the Windows 64-bit GlobalProtect agent. Doing so will download a file called GlobalProtect64.msi for a 64-bit operating system or GlobalProtect.msi for a 32-bit operating system. Double-clicking on this file will cause it to bring up a dialog box that will ask you a series of questions and walk you through the installation process.
Windows will then ask for an installation location. (Accepting the default should be fine.)
After this dialog box, the application will be installed.
Configuring the application and connecting to the VPN
Once you have installed the application, you will see an icon appear in the bottom-right-hand side of the taskbar. The GlobalProtect icon looks like a globe.
When you open the application, you will need to provide the Portal address:
vpn.upenn.edu
Clicking on the Connect button will cause a browser window to open and prompt you for your PennKey credentials through the usual WebLogin screen.
After entering your username and password you should then see the usual Two-Step Verification screen:
Once you have successful performed the necessary Two-Step Verification, you will then be connected to the VPN and the icon should change to indicate that you are connected.
Downloading the application
To install on iOS, you will need to find the GlobalProtect client in the Apple App Store and install it using the normal process for iOS app installation.
For example, on an iPhone, click on the App Store icon on your phone, search for “GlobalProtect” and select the GlobalProtect app developed by Palo Alto Networks. Click on the button labelled Install (shown below as "Open", because the app has already been installed).
Configuring the application and connecting to the VPN
Once you have installed the app on your iOS device, you should be able to open it and configure the Portal address, as shown below:
Make sure that your portal address is listed as "vpn.upenn.edu" as in the screenshot above.
Installing the application
To install on Android, you will need to find the GlobalProtect client in the Google Play Store and install it using the normal process for Android apps.
For example, on an Android Device, click on the Play Store icon on your phone, search for “GlobalProtect” and select the GlobalProtect app developed by Palo Alto Networks. Click on the button labelled Install:
Configuring the application and connecting to the VPN
Once you have installed the app on your Android device, you should be able to open it and configure the Portal address, as shown below:
Make sure that your portal address is listed as "vpn.upenn.edu" as in the screenshot above.
Please note: Linux is not an officially supported operating system at Penn. Installers are provided "as-is."
Current Linux installers, as well as installation instructions describing GUI and CLI-based installs can be found in the following Penn+Box folder:
GlobalProtect Linux Installers (Box link)
Additional resources:
Palo Alto's instructions for Linux client installation
Palo Alto's instructions for Linux client usage
Palo Alto’s instructions for Linux client troubleshooting