View All Resources

University VPN Getting Started Guide

The University Client VPN provides off-campus faculty, staff, and students with secure remote access to PennNet. Unlike existing VPN services that are currently offered by ISC and other Schools or Centers, the University VPN service is not designed to provide secure remote access to any specific data center(s) on campus. Instead, it allows access to the campus network generally, so that faculty, staff, and students can have the same network experience from a remote location as they currently do while connected to AirPennNet or by plugging into a physical port on campus. The University Client VPN uses Palo Alto's GlobalProtect software.

How to install the GlobalProtect application

Please see the appropriate tab below for installation and configuration instructions.

MacOS

Downloading the application

Navigate to vpn.upenn.edu using a browser. You should see a screen similar to the one below:

an image of the portal page used to download the Palo Alto application

Click on "Download Mac 32/64 bit GlobalProtect agent." This will download a file called GlobalProtect.pkg — double-clicking on this file will cause it to bring up a dialog box that will ask you a series of questions and walk you through the installation process. 

Screenshot of MacOS installer

Selecting "Continue" on this screen will walk you through installation of the application.

On some versions of MacOS, you may need to approve kernel extensions in order for the GlobalProtect VPN client to function normally. In this event, you will be prompted with a dialog box like the one shown below. Click on the button labelled "Open Security Preferences":

Screenshot of the MacOS System Extension Blocked dialog box

This will open your System Preferences dialog box. A warning will be displayed at the bottom of the dialog box next to the button labelled Allow. Click on the Allow button to continue.

Screenshot of the Security Preferences dialog

Configuring the application and connecting to the VPN

Once you have installed the application, you will see an icon appear in the upper-right-hand side of the menu bar. The GlobalProtect icon looks like a globe.

When you open the application, you will need to provide the Portal address:

vpn.upenn.edu

Screenshot of the Connect dialog once the Portal Address has been entered

Clicking on the Connect button will cause a browser window to open and prompt you for your PennKey credentials through the usual WebLogin screen.

Screenshot of the WebLogin dialog

After entering your username and password you should then see the usual Two-Step Verification screen:

Screenshot of the Penn WebLogin Two-Step Verification dialog

Once you have successful performed the necessary Two-Step Verification, you will then be connected to the VPN and the icon should change to indicate that you are connected.

Screenshot of Connected client app

Downloading the application

Navigate to vpn.upenn.edu using a browser. You should see a screen similar to the one below:

an image of the portal page used to download the Palo Alto application

Click the appropriate Windows link for your system; in nearly all circumstances this will be the Windows 64-bit GlobalProtect agent. Doing so will download a file called GlobalProtect64.msi for a 64-bit operating system or GlobalProtect.msi for a 32-bit operating system. Double-clicking on this file will cause it to bring up a dialog box that will ask you a series of questions and walk you through the installation process.

Screenshot of Windows installer

Windows will then ask for an installation location. (Accepting the default should be fine.)

Screenshot of Windows installation folder prompt

After this dialog box, the application will be installed.

Configuring the application and connecting to the VPN

Once you have installed the application, you will see an icon appear in the bottom-right-hand side of the taskbar. The GlobalProtect icon looks like a globe.

When you open the application, you will need to provide the Portal address:

vpn.upenn.edu

Screenshot of the Connect dialog once the Portal Address has been entered

Clicking on the Connect button will cause a browser window to open and prompt you for your PennKey credentials through the usual WebLogin screen.

Screenshot of the WebLogin dialog

After entering your username and password you should then see the usual Two-Step Verification screen:

Screenshot of the Penn WebLogin Two-Step Verification dialog

Once you have successful performed the necessary Two-Step Verification, you will then be connected to the VPN and the icon should change to indicate that you are connected.

Screenshot of Connected client app

Downloading the application

To install on iOS, you will need to find the GlobalProtect client in the Apple AppStore and install it using the normal process for iOS app installation.

For example, on an iPhone, click on the AppStore icon on your phone, search for “GlobalProtect” and select the GlobalProtect app developed by Palo Alto Networks. Click on the button labelled Install (shown below as "Open", because the app has already been installed).

Screenshot of searching the AppStore for the GlobalProtect app

Configuring the application and connecting to the VPN

Once you have installed the app on your iOS device, you should be able to open it and configure the Portal address, as shown below:

Example of adding / editing the portal address on iOS

Make sure that your portal address is listed as "vpn.upenn.edu" as in the screenshot above.

Installing the application

To install on Android, you will need to find the GlobalProtect client in the Google Play Store and install it using the normal process for Android apps.

For example, on an Android Device, click on the Play Store icon on your phone, search for “GlobalProtect” and select the GlobalProtect app developed by Palo Alto Networks. Click on the button labelled Install:

Screenshot of searching the Play Store for the GlobalProtect app

Configuring the application and connecting to the VPN

Once you have installed the app on your Android device, you should be able to open it and configure the Portal address, as shown below:

Example of adding / editing the portal address on Android

Make sure that your portal address is listed as "vpn.upenn.edu" as in the screenshot above.

Please note: Linux is not an officially supported operating system at Penn. Installers are provided "as-is."

Current Linux installers, as well as installation instructions describing GUI and CLI-based installs can be found in the following Penn+Box folder:

GlobalProtect Linux Installers (Box link)

Additional resources:

Palo Alto's instructions for Linux client installation

Palo Alto's instructions for Linux client usage